System and method for cross platform document sharing

Information

  • Patent Grant
  • 10574729
  • Patent Number
    10,574,729
  • Date Filed
    Thursday, December 15, 2016
    8 years ago
  • Date Issued
    Tuesday, February 25, 2020
    4 years ago
Abstract
This invention discloses a novel system and method for automatically managing the movement of document files from a first document storage sub-system to a second document storage sub-system, tracking such movement and applying security policies before the movement is completed.
Description
FIELD OF INVENTION

The present invention generally relates to the field of document data file management, data security applied to such data files and data file communication by and among computer systems. In one embodiment, the invention operates on a system comprised of at least one local computer operated by a user, a server system operating the Workshare server and at least one server operating a corresponding third party Saas document sharing platform, whereby the local computer and the servers are in communication using a data network.


BACKGROUND

In the past most document sharing was done via email but in recent years' users have seen the benefits derived from sharing documents in online shared containers and sought to have content being synchronized between these containers and their own computers and mobile devices. This market shift has led to a large number of File Sharing, File Synchronization and Collaboration systems designed to make collaboration easier and for files to be synchronized to wherever a user might want to consume them. The fact that there is not one dominant vendor or technology in this space, but a large number of different vendors and different technological platforms has lead to a number of problems when two organizations that use two different solutions wish to communicate or share documents. They end up relying on inferior technology that both organizations happen to have available—not the platforms that they use internally. This introduces inconveniences like lost document versions, version conflicts, vulnerabilities to security and the like. Therefore, there is a need for a computer system and method of operating computer systems that is an agnostic and consolidated technical solution for document storage, sharing and communication that provides productivity gains for users, and control and risk reduction for organizations by permitting such uses across multiple platforms. The problem of multiple document sharing platforms can be considered from four perspectives:


Content Producer: The modern information professional (someone who produces documents for a living) is being faced with an ever increasing number of SaaS (Software as a Service) based (cloud) systems for storing and sharing documents. These systems include onsite or cloud based enterprise collaboration applications, traditional secure document repositories, home grown Intranet sites and an ever increasing number of modern cloud based SaaS file sharing systems. In a professional service context, often the choice of which system to use is not governed by the content producer, but by his client (the content consumer). As a result, users are required to work across many of these systems on a daily basis.


Content Consumer: From the client's (i.e. the content consumer) perspective, the problem is the same. Unless they are able to mandate that all their content producing counterparts use the same system as they do for file sharing and collaboration (which is unlikely) they are faced with the same dilemma. This example is well illustrated by the challenges corporate counsels face when dealing with multiple law firms and multiple stakeholders internal to the organization. Getting everyone to use the same document storage, sharing management and transmission system is often an impossibility. As a result of the administrative burden this imposes, typically users revert to the lowest common denominator—email with attachments.


Information Governance perspective: The situation above is a nightmare for those charged with data loss prevention and ensuring that information access policy is adhered to. For example, an organization might have a policy that no hidden information found inside documents (for example, metadata) should accidently leave the organization. This organization might have taken measures to ensure this level of protection over files being exchanged in email, but has an ever increasing gaping hole when it comes to SaaS based file sharing systems (which due to their simplicity and mass adoption are often the client's choice). Additionally, the organization (either of the content producers or content consumers) might have invested in an Enterprise Content Management system. In this case, the organizational goal will be to ensure that all content is stored in their chosen ECM/DMS system instead of being distributed in an ever increasing number of external systems.


Market perspective: The number of Enterprise File Sharing Systems is increasing rapidly. The market research firm Gartner Group tracked about 170 companies. Dominant incumbent vendors all have offerings competing against new highly funded startuipvendors and there is a plethora of specialist vendors who provide a unique value proposition over and above basic file sharing—product like Workshare's Transact™ are examples of applications that deliver file sharing in a unique way, aligned with the use cases in the markets in which they operate. Different vendors are taking different approaches to compete. Some SaaS vendors have made available their up their proprietary application programming interface protocols (APIs) to position themselves as platforms whereas others have doubled down on their unique proprietary technology to deliver narrow products and services. Prices are being squeezed and as a result, there is a race to the bottom in terms of prices for data storage. There needs to be a way of working across the boundaries around these systems, effortlessly and safely.





DESCRIPTION OF THE FIGURES

The headings provided herein are for convenience only and do not necessarily affect the scope or meaning of the claimed invention. In the drawings, the same reference numbers and any acronyms identify elements or acts with the same or similar structure or functionality for ease of understanding and convenience. To easily identify the discussion of any particular element or act, the most significant digit or digits in a reference number refer to the Figure number in which that element is first introduced (e.g., element 101 is first introduced and discussed with respect to FIG. 1).



FIG. 1 shows the basic architecture of the invention.



FIG. 2 shows the workflow where a user uploads a file from the document management system to a third party SaaS system.



FIG. 3 shows the workflow where a user uploads a file saved from their local computer or from the Workshare system to a third party system.



FIG. 4 shows the workflow where the system receives a link to the file from on the third party document management system and the file is transferred to the user's device for editing.



FIG. 5 shows the workflow chart for conducting document collaboration.



FIG. 6 shows the workflows originating from the FIG. 5 workflows.



FIG. 7 shows flow chart for HTTP access and trapping for the file handling subclass.





DETAILED DESCRIPTION

Various examples of the invention will now be described. The following description provides specific details for a thorough understanding and enabling description of these examples. One skilled in the relevant art will understand, however, that the invention may be practiced without many of these details. Likewise, one skilled in the relevant art will also understand that the invention can include many other features not described in detail herein. Additionally, some well-known structures or functions may not be shown or described in detail below, so as to avoid unnecessarily obscuring the relevant description. The terminology used below is to be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain specific examples of the invention. Indeed, certain terms may even be emphasized below; however, any terminology intended to be interpreted in any restricted manner will be overtly and specifically defined as such in this Detailed Description section.


The invention is a computer system and computer operated process that provides an agnostic and consolidated position between all of these other systems to provide productivity gains for users and control and risk reduction for organizations. In one embodiment of the invention, FIG. 1, a system interfaces with each of these other type of document systems and services in order to manage the interaction between them. Referring to FIG. 1, a user of the system embodying the invention, 101, can search or select a file from a variety of locations with increasing complexity. For example, network storage (102), a file sharing SaaS system (103) or a document management system (DMS) (104). The user can then request that the invention route the file to an external location, (106), which may be a external file sharing Saas, transmission by email or even using web services for file transmission. Likewise, the system may receive a file from one of these external data sources (107). That received file may be forwarded on by the invention to any of the data storage locations (102), (103), (104). In the meantime, the movement of the file is transaction data stored in a database accessed by the invention (108). That database (108) in one embodiment stores a data record (109) that corresponds to the document that may include security policy data. In addition, that file may be related to a data record for the user (110). The invention provides the ability to receive security protocols that can be associated with a user (111). Likewise, the database (108) can be used to generate an audit report on use of a file or use of the system by the user (112).


The Benefit to the user:


Regardless of the file sharing systems they use; all files are available to them in a central location. This gives users the advantage of being able to benefit from the value delivered by any of the file sharing systems yet the confidence to know that all their files are easily accessible to them outside of any of those systems


Users are able to organize their files as they like yet publish them into the organizational paradigms found in file sharing systems. For example, the user might organize their files and folders by Client, Project and Status whereas the client might organize the file sharing system (which both parties are using) very differently (by department, provider or project milestone). The invention maintains data structures that for a given document, map between these two different ways of organizing files thus making this distinction transparent to the user. The invention uses the mapping so that the user's applicable parameters present a FileOpen dialog where selection of the file is in accordance with the user's preferred organization. When the invention delivers the file to an external destination, the mapping is used by the invention to input the appropriate parameters defining the metadata of the document into the destination context.


Users can easily publish files to a third party system and then re-publish them as they evolve the same way because the invention maintains data structures that for each document track where the document was published. This is very advantageous when one document file might be published to more than one document sharing system because the invention automatically updates all systems where a version of a file is being shared.


Users can accurately and quickly understand what is different between documents as they evolve through their versions. In one embodiment, Workshare's™ document comparison software is utilized by the invention to automatically show users exactly what changed between versions of a document file.


Benefits to the organization:


Risk is reduced as all document files that are uploaded to file sharing systems are processed through the system that operates a document policy system which can remove hidden information or block the upload/sharing of files if inappropriate


Record all events where files are uploaded (which file, when, by whom and to where). Suspicious activity can then be tracked and reported on. This provides a central location to obtain document use auditing.


Retain information as copies of files uploaded are retained and accessible centrally without having to go into each of the system those files where uploaded to.


To accomplish this product proposition, the system and its operation has to provide several functionalities:

    • 1. A way to participate in the upload and download of files to and from any number of SaaS based file sharing applications that typically are connected over the Internet or some other wide area network, and the files are available by means of a process executed in compliance with the wide area network data transport protocols.
    • 2. A policy based system which inserts itself between such an upload or download
    • 3. Deep integrations into incumbent ECM/DMS systems
    • 4. Most importantly, a user interface which users prefer to use over and above what they get from using a browser to access SaaS based file sharing tools. Key to accomplishing the last task is to not in any way reduce the offering of the SaaS vendor but provide additional functionality and control to the user on top of the experience delivered.


The invention essentially participates in the upload and download of files from the user's computer (or an incumbent ECM/DMS system the user is using) to one or more SaaS based 3rd party systems or internal systems that the organization uses. By user computer, a desktop, laptop, tablet or smartphone may be used. To accomplish this, the user operates an application that embodies the invention (referred to as the Workshare App) which provides access to 3rd party SaaS application and provides enhanced functionality to upload and download files from the user's computer (or a DMS system the user is using) to and from the 3rd party system or the organization's internal systems. See FIG. 2.


The invention is different than a traditional DMS (document management system) because in one embodiment, the user's computing device accesses data items from a web-accessed server and executes scripts that come down from the server side of the network. Alternative embodiments include a dedicated application operating on the user's device that executes code that is transmitted to the application from the server. Unlike traditional DMS, the embodiments of the invention control the upload of files to cloud storage services in order to apply the various security features described herein. The use of the browser has the added security that the file first traverses the server or computer embodying the invention so that the file may be inspected and its further distribution controlled.


To illustrate how this works, consider the following workflow where a user would like to upload a file from their DMS to a 3rd party SaaS system that operates as a file repository.


In one embodiment, the invention includes the implementation on a user's computer of a Subclass that replaces the browser file handling functions such that javascript (or native HTML) that tries to access files for upload must first pass the request through the subclass code (or code called by the subclass) to select files and additionally run security policy tests on the reference to the selected file as well as the selected file data itself.


In the preferred embodiment the subclass is a plug-in customized for the specific browser program operating on the user's computer. Therefore, in this embodiment, a user will select an install package specific for the browser that operates on their computer. To the extent they operate a browser that does not have the subclass replacement code module, the security function may be impaired. However, it is envisioned that the invention will include a browser cookie function that places a cookie on the user's computer when the subclass component is first installed. Then, when the component is called to check on a file upload, the server side can request the cookie to confirm that the file being uploaded has been accessed using the installed component rather than another browser.


In another embodiment the subclass is installed to work with a program that operates to provide document access across the Internet over HTTP or similar protocols, referred to as an “app.” In this case, the app will call for file access, but the additional subclass will trap the request so that the document use policy evaluation may be applied to the request.


The subclass component implements a policy evaluation is applied to each document selection—it is independent of the location that the file originated from, including the DMS where it may be stored. In one embodiment the subclass operating on the user's computer executes the policy testing. In another embodiment, the subclass component calls on server functions to check the file before passing it to its destination.


When prior art DMS is integrated into a word processor application, it runs as a “macro” in that application, typically a word-processing program, the macro being a set of commands that can be interpreted by the application itself. In one example, the file is fetched from the DMS server, and will end up as the opened document in the word processing application. The destination of the file will be the application that has launched the file open. Where the file ends up is not tracked by the DMS, rather, the DMS manages the storage of the document.


The invention implements an additional layer of control over access to the file and is distinct from the traditional DMS implementation in several ways:

    • 1. In the word processing application, for example,—the DMS “file open” dialog on the user interface replaces the existing word processor open dialog by means of the macro functionality in the word processor. In contrast, the invention intercepts the file open, file save, file attach and similar commands that are expressed in the object classes in order that the invention process file access and usage policy as a filtering mechanism between the browser, app or HTTP compatible code and the file dialog code operating on the word processer, email program or other application.
    • 2. In addition, the word processing application (office application) which is running code on the local user's computer device is distinct from the browser which renders HTML/javascript delivered from the server and presents documents as an object displayed in the browser window.
    • 3. When the invention is operating, the browser application operating on the user's computer is not the destination of the opened document—the destination is a server application identified by the URL of the web site being browsed or otherwise accessed by the javascript or other plug-in working with the browser. In contrast, in the word processing application (or other office type application), the destination is the office application itself
    • 4. The browser destination indicator that is both presented to the user (which references an external server location) and used to process security policy for the selected file, forms part of the policy evaluation process. The destination indicator can be stored in a database that associates a user identifier, the destination indicator, other relevant transaction data (e.g. time of day, date) with the document itself, so that the usage of the document and its destination can be systematically accessed to police document usage policies.


To illustrate how this works, consider the following workflow where a user would like to upload a file from their DMS to a 3rd party, external SaaS system (See FIG. 4):

    • 1. User opens the file access function operating through the browser and navigates to the external cloud storage folder where the file is to be uploaded. This could also be implemented as a browser plugin that implements this functionality within a generic web browser such as Chrome, Firefox, IE, etc. Interacting with the javascript module that performs the upload/download. In an alternative embodiment, an “app” integrates the functionality. An alternative embodiment would integrate the functionality with synchronization or upload apps provided by third party cloud storage companies, where such applications have a method of extensibility that allows code to be run before an upload event to check that the upload is allowed. In such cases the security policy evaluation would be performed by the invention as part of that pre-upload check.
    • 2. User clicks ‘Upload’ which is a standard Upload button rendered in the page received from the cloud file storage service provider.
    • 3. Instead of being presented with a standard “File Open” dialog, the user is presented with the invention's special File Open dialog which could render any of the following:
      • a. A file selector of all known files for the user
      • b. A DMS File Open dialog for the user to search for the file they want to upload within the DMS.
      • c. A standard File Open dialog to select a file from their file system on their computer device.
    • 4. The user selects the file to upload.
    • 5. Before the file or a pointer to the file is handed to the destination (which in this example is the cloud service provider, that is, before it is handed to the javascript component of the web page of the cloud service provider that will do the file upload), the invention code runs a policy check against the file and performs any policy actions required, which might include:
      • a. Converting the file to another format (for example, Word to PDF)
      • b. Removing hidden metadata, comments or other confidential information from the file.
      • c. Redacting or modifying the file in some way to remove or obscure confidential information.
      • d. Blocking the upload based on metadata attributes associated with the file, document content or context derived from the DMS system which prohibits this file from being published or a general policy evaluation/violation. In this step, metadata extracted from the file or associated with the file by means of the DMS is logically tested against policy rules stored in the invention's systems. The result of the logical test then drives the permission level.
      • e. Encryption of the file using predetermined keys or a key requested from the user through a dialogue box.
      • f. DRM—restricting access rights based on the identity of the receiver or the location of the upload.
      • g. Notification to a central authority, for example, by an email transmitted to a person who, according to the security database.
      • h. Logging of the upload action, which may include notifications of additional systems that have interest in document location or content (e.g., document genealogy system).
      • i. Action could include fingerprint(s) of the document being uploaded.
      • j. Actions could also include making subtle changes to the document so that this copy can be identified later (canary trap), or by means of stenography.
      • k. Digital signature of the document may be performed as an action.
      • l. Variables that may be used as part of policy evaluation logic may include:
        • Web site to which the document will be uploaded
        • full current URL of the browser performing the upload
        • The source document location
        • The document metadata
        • the document content
        • Identity of the user performing the upload
        • *IP address, computer name
        • Blacklist/whitelist information that may be stored as part of the policy definition
        • Previous history of actions by same or other users


          The policy data associated with the document may be updated using any metadata that can be collected in connection with the usage of the document, for example, the destination of the upload, or source of the download, the user, the date, time, the IP address of the local device, an email address of an email object that the document is attached to.
    • 6. After the policy checks are performed, the file (or a pointer to it) is handed to the external SaaS application which then dutifully uploads the file to whichever location it wanted to.
    • 7. The whole transaction may be tracked by the app, so a record of this user uploading this file, at this time, from this source, to this destination can be recorded in both the local database and pushed to a selected cloud software service provider through their services APIs.
      • a. This information can be used for subsequent reporting.
      • b. Additionally, this information will be stored in order to be used to provide remembered context for the user, so—for example—the invention remembers where files have been published to so any subsequent edits made to the local copy of the same document file can be easily re-published. the user can also override this saved context.


In yet another embodiment of this invention, a custom web browser may be used with a computer system that implements advance file selection dialogs with DMS and policy integration. This may be built using open source code from a typical web browser. An implementation of this strategy using Chromium Extension Framework™ is described in more detail below.


In yet another embodiment of this invention uses customized file selection dialog boxes in the user interface that are integrated into an existing web browser either via a browser add-in or an extension or by customization at a lower level (for instance selectively replacing or modifying the operating system file selection dialogs).


A further embodiment of the invention would be an application that uses the public APIs of various 3rd party SAAS providers and rendering the information received via those APIs to show a representation of the files and or folders available to the user within the SAAS service. See FIG. 1. The distinction of this embodiment is that the rendering of the available content to the user is not performed by showing web pages originating from the SaaS provider within a web browser or web browser-like program. See FIG. 3.


The data related to an upload event that will be stored in the log or passed on to other systems that record or act due to the upload event may include:

    • The identity of the user performing the upload
    • The name and source location of the file being uploaded
    • The destination that the file is/would be uploaded to
    • Relevant document metadata
    • Time and date of the upload action
    • Identifying information/location of the computer system used to make the upload such as machine name or IP address
    • Details of the actions that were performed as a result of policy evaluation—e.g., block, redact, clean, file format transformation, etc.


The key to the process outlines above is that because the pages from the 3rd party SaaS application are being contained in the Workshare App, which is able to provide a different File Open and File Save function to which a standard browser rendering the same pages would provide. The SaaS application or other 3rd party system is none the wiser—there is no specific integration between the Workshare App and the SaaS provider, it is simply that the JavaScript on the page is delegating the task of providing the file to the browser yet it is the Workshare Apps own implementation of this file selection function that is executed.


The key workflow can be summarized to the following:


1. User initiates an upload process, but instead of the normal web-browser response, Workshare App intercepts to provide the response.


2. User selects the file from whichever source, using a dialog provided by another system (DMS system for example).


3. The Workshare App process runs a security protocol on the file (or files) before passing the file (or its pointer) to the calling application, for example, the web-browser.


One embodiment of the invention is composed of Chromium Extension Framework (CEF) which is an open source version of the Chrome browser. This may be packaged as part of the Workshare App. In one embodiment, the invention is sub-classing CefDialogHandler which is detailed here, which is incorporates by reference the following software documentation:














http://magpcss.org/ceforum/apidocs3/projects/(default)/CefDialogHandler.html


CefDialogHandler is a class used to handle user interface dialog events. The methods of


this class will be called on the browser process user interface thread. The class has a


method OnFileDialog, depicted below:


public virtual bool OnFileDialog( CefRefPtr< CefBrowser > browser,


CefDialogHandler::FileDialogMode mode, const CefString& title, const CefString&


default_file_path, const std::vector< CefString >& accept_filters, int


selected_accept_filter, CefRefPtr< CefFileDialogCallback > callback );









The method is called to run a file chooser dialog. |mode| represents the type of dialog to display. |title| is the title to be used for the dialog and may be empty to show the default title (“Open” or “Save” depending on the mode). |default_file_path| is the path with optional directory and/or file name component that should be initially selected in the dialog. |accept_filters| are used to restrict the selectable file types and may any combination of (a) valid lower-cased MIME types (e.g. “text/*” or “image/*”), (b) individual file extensions (e.g. “.txt” or “.png”), or (c) combined description and file extension delimited using “|” and “;” (e.g. “Image Types|png;.gif;.jpg”). |selected_accept_filter| is the 0-based index of the filter that should be selected by default. To display a custom dialog, return true and execute |callback| either inline or at a later time. To display the default dialog return false.


Implementing “CefDialogHandler::OnFileDialog” allows the invention to replace the default browser dialogs for “Open File” and “Save File”. This function allows the invention to show the Workshare file selector user interface and then return a single, or multiple, absolute local file name(s) that can then be uploaded or accessed in the usual way in the loaded web page or java script.

    • 1) The preferred implementation of “CefDialogHandler::OnFileDialog” gets called to handle an open file query (e.g. the method is triggered by the user clicking on this html element: <input type=“file”>). See FIG. 5.
    • 2) For example, if a DMS is installed;
      • the application uses a the DovProvider calls to show an “Open File” dialog to select a file from within the DMS.
      • the application saves a temporary copy of this file from the DMS to the local file storage on the user computer operating the Workshare App or a central server operating the Workshare App that is being accessed by the user's device.
    • 3) As a further example, the Workshare App is configured for Workshare to supply a list of files
      • The system provides a dialog box and protocol to the user to select a file
      • The system copies the selected file to a temp location. The key point is that after the user has selected a file (e.g., pressed OK on the dialog), but before the filename/content is passed back to the javascript/main browser code, the policy check will by the system to determine if the upload is allowable and to determine any additional actions to be performed.
    • 4) At this point the invention applies a security policy to this temp local copy.
    • 5) The invention returns from “CefDialogHandler::OnFileDialog” the absolute local file name of this temp copy. In the case that the file needs to be modified as a result of the actions specified by policy, the modified copy of the file will be stored as a local temporary file and that will be the file that is given to the main browser javascript/code.
    • 6) At this point execution has returned to the web page/JavaScript which can now process the temp file as though it was manually selected from the local file store in the first place.


A similar process may be used for file uploads, as depicted in FIG. 6. The same process may be used without an incumbent DMS. The process outlined above does not depend on their being a DMS system on the user's computer. In this case, the user would be offered files from their local computer, server or from a list of files they have stored in Workshare. All other parts of the workflow outlined above are still valid.


Using this method, the invention may be integrated for all of the above functionalities with any API based, client side (API installed on the user's computer) document management systems. Furthermore, the invention may be integrated to add both SaaS providers and client side API based systems to provide an ever growing mesh of integrations between each of these systems.


The invention stores data in its database (109) that may include the following fields for a transaction involving a document:

    • Source of uploaded document (i.e. an identifier which may include one or more of: a service identifier such as DMS or FileStore, a server identifier, a path or folder identifier, a file name identifier and a version identifier).
    • A user identifier indicating who performed the upload.
    • Date and time of upload.
    • Size of the uploaded file.
    • The SaaS service that the file was uploaded to (note that this is not a complete identifier of where on the SaaS platform the file has been stored, just an identifier of which SaaS platform was selected—this field may be just ‘service.net’ not ‘service.net/user/123/folder/23456/file/1238972342’.


Additional information to be stored in the database might include:

    • A summary of metadata discovered in the document before upload.
    • Information on content policies triggered by the upload of the document.
    • Full location information specifying the exact location of the uploaded document.


However, full location information (i.e. a full URL to the place it was uploaded) may not be available at the time of upload, but may be deduced later (for instance by inspecting the SaaS platform contents using an appropriate API and the user's credentials and finding a file that matches the size and upload time).


In another embodiment, the system receives a link to the file on the third party DMS, and then automatically exercises the link to obtain the file. The file is transferred to the user's device for display or editing. When the user is finished, the database can save the revised file as a new version on its server. Alternatively, the server can run the file upload process to return the new version up to the third party DMS. In addition, the invention can run a comparison of the user's revised file with the obtained version.


Operating Environment: The system is typically comprised of a central server that is connected by a data network to a user's computer. The central server may be comprised of one or more computers connected to one or more mass storage devices. The precise architecture of the central server does not limit the claimed invention. Further, the user's computer may be a laptop or desktop type of personal computer. It can also be a cell phone, smart phone or other handheld device, including a tablet. The precise form factor of the user's computer does not limit the claimed invention. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to, personal computers, server computers, hand-held, laptop or mobile computer or communications devices such as cell phones and PDA's, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like. The precise form factor of the user's computer does not limit the claimed invention. In one embodiment, the user's computer is omitted, and instead a separate computing functionality provided that works with the central server. In this case, a user would log into the server from another computer and access the system through a user environment.


The user environment may be housed in the central server or operatively connected to it. Further, the user may receive from and transmit data to the central server by means of the Internet, whereby the user accesses an account using an Internet web-browser and browser displays an interactive web page operatively connected to the central server. The central server transmits and receives data in response to data and commands transmitted from the browser in response to the customer's actuation of the browser user interface. Some steps of the invention may be performed on the user's computer and interim results transmitted to a server. These interim results may be processed at the server and final results passed back to the user.


The method described herein can be executed on a computer system, generally comprised of a central processing unit (CPU) that is operatively connected to a memory device, data input and output circuitry (IO) and computer data network communication circuitry. Computer code executed by the CPU can take data received by the data communication circuitry and store it in the memory device. In addition, the CPU can take data from the I/O circuitry and store it in the memory device. Further, the CPU can take data from a memory device and output it through the IO circuitry or the data communication circuitry. The data stored in memory may be further recalled from the memory device, further processed or modified by the CPU in the manner described herein and restored in the same memory device or a different memory device operatively connected to the CPU including by means of the data network circuitry. The memory device can be any kind of data storage circuit or magnetic storage or optical device, including a hard disk, optical disk or solid state memory. The IO devices can include a display screen, loudspeakers, microphone and a movable mouse that indicate to the computer the relative location of a cursor position on the display and one or more buttons that can be actuated to indicate a command.


The computer can display on the display screen operatively connected to the I/O circuitry the appearance of a user interface. Various shapes, text and other graphical forms are displayed on the screen as a result of the computer generating data that causes the pixels comprising the display screen to take on various colors and shades. The user interface also displays a graphical object referred to in the art as a cursor. The object's location on the display indicates to the user a selection of another object on the screen. The cursor may be moved by the user by means of another device connected by I/O circuitry to the computer. This device detects certain physical motions of the user, for example, the position of the hand on a flat surface or the position of a finger on a flat surface. Such devices may be referred to in the art as a mouse or a track pad. In some embodiments, the display screen itself can act as a trackpad by sensing the presence and position of one or more fingers on the surface of the display screen. When the cursor is located over a graphical object that appears to be a button or switch, the user can actuate the button or switch by engaging a physical switch on the mouse or trackpad or computer device or tapping the trackpad or touch sensitive display. When the computer detects that the physical switch has been engaged (or that the tapping of the track pad or touch sensitive screen has occurred), it takes the apparent location of the cursor (or in the case of a touch sensitive screen, the detected position of the finger) on the screen and executes the process associated with that location. As an example, not intended to limit the breadth of the disclosed invention, a graphical object that appears to be a 2 dimensional box with the word “enter” within it may be displayed on the screen. If the computer detects that the switch has been engaged while the cursor location (or finger location for a touch sensitive screen) was within the boundaries of a graphical object, for example, the displayed box, the computer will execute the process associated with the “enter” command. In this way, graphical objects on the screen create a user interface that permits the user to control the processes operating on the computer.


The invention may also be entirely executed on one or more servers. A server may be a computer comprised of a central processing unit with a mass storage device and a network connection. In addition a server can include multiple of such computers connected together with a data network or other data transfer connection, or, multiple computers on a network with network accessed storage, in a manner that provides such functionality as a group. Practitioners of ordinary skill will recognize that functions that are accomplished on one server may be partitioned and accomplished on multiple servers that are operatively connected by a computer network by means of appropriate inter process communication. In addition, the access of the website can be by means of an Internet browser accessing a secure or public page or by means of a client program running on a local computer that is connected over a computer network to the server. A data message and data upload or download can be delivered over the Internet using typical protocols, including TCP/IP, HTTP, TCP, UDP, SMTP, RPC, FTP or other kinds of data communication protocols that permit processes running on two remote computers to exchange information by means of digital network communication. As a result a data message can be a data packet transmitted from or received by a computer containing a destination network address, a destination process or application identifier, and data values that can be parsed at the destination computer located at the destination network address by the destination application in order that the relevant data values are extracted and used by the destination application. The precise architecture of the central server does not limit the claimed invention. In addition, the data network may operate with several levels, such that the user's computer is connected through a fire wall to one server, which routes communications to another server that executes the disclosed methods.


The user computer can operate a program that receives from a remote server a data file that is passed to a program that interprets the data in the data file and commands the display device to present particular text, images, video, audio and other objects. The program can detect the relative location of the cursor when the mouse button is actuated, and interpret a command to be executed based on location on the indicated relative location on the display when the button was pressed. The data file may be an HTML document, the program a web-browser program and the command a hyper-link that causes the browser to request a new HTML document from another remote data network address location. The HTML can also have references that result in other code modules being called up and executed, for example, Flash or other native code.


Those skilled in the relevant art will appreciate that the invention can be practiced with other communications, data processing, or computer system configurations, including: wireless devices, Internet appliances, hand-held devices (including personal digital assistants (PDAs)), wearable computers, all manner of cellular or mobile phones, multi-processor systems, microprocessor-based or programmable consumer electronics, set-top boxes, network PCs, minicomputers, mainframe computers, and the like. Indeed, the terms “computer,” “server,” and the like are used interchangeably herein, and may refer to any of the above devices and systems.


In some instances, especially where the user computer is a mobile computing device used to access data through the network the network may be any type of cellular, IP-based or converged telecommunications network, including but not limited to Global System for Mobile Communications (GSM), Time Division Multiple Access (TDMA), Code Division Multiple Access (CDMA), Orthogonal Frequency Division Multiple Access (OFDM), General Packet Radio Service (GPRS), Enhanced Data GSM Environment (EDGE), Advanced Mobile Phone System (AMPS), Worldwide Interoperability for Microwave Access (WiMAX), Universal Mobile Telecommunications System (UMTS), Evolution-Data Optimized (EVDO), Long Term Evolution (LTE), Ultra Mobile Broadband (UMB), Voice over Internet Protocol (VoIP), or Unlicensed Mobile Access (UMA).


The Internet is a computer network that permits customers operating a personal computer to interact with computer servers located remotely and to view content that is delivered from the servers to the personal computer as data files over the network. In one kind of protocol, the servers present webpages that are rendered on the customer's personal computer using a local program known as a browser. The browser receives one or more data files from the server that are displayed on the customer's personal computer screen. The browser seeks those data files from a specific address, which is represented by an alphanumeric string called a Universal Resource Locator (URL). However, the webpage may contain components that are downloaded from a variety of URL's or IP addresses. A website is a collection of related URL's, typically all sharing the same root address or under the control of some entity. In one embodiment different regions of the simulated space have different URL's. That is, the simulated space can be a unitary data structure, but different URL's reference different locations in the data structure. This makes it possible to simulate a large area and have participants begin to use it within their virtual neighborhood.


Computer program logic implementing all or part of the functionality previously described herein may be embodied in various forms, including, but in no way limited to, a source code form, a computer executable form, and various intermediate forms (e.g., forms generated by an assembler, compiler, linker, or locator.) Source code may include a series of computer program instructions implemented in any of various programming languages (e.g., an object code, an assembly language, or a high-level language such as C, C++, C#, Action Script, PHP, EcmaScript, JavaScript, JAVA, or HTML) for use with various operating systems or operating environments. The source code may define and use various data structures and communication messages. The source code may be in a computer executable form (e.g., via an interpreter), or the source code may be converted (e.g., via a translator, assembler, or compiler) into a computer executable form.


The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer program and data may be fixed in any form (e.g., source code form, computer executable form, or an intermediate form) either permanently or transitorily in a tangible storage medium, such as a semiconductor memory device (e.g., a RAM, ROM, PROM, EEPROM, or Flash-Programmable RAM), a magnetic memory device (e.g., a diskette or fixed hard disk), an optical memory device (e.g., a CD-ROM or DVD), a PC card (e.g., PCMCIA card), or other memory device. The computer program and data may be fixed in any form in a signal that is transmittable to a computer using any of various communication technologies, including, but in no way limited to, analog technologies, digital technologies, optical technologies, wireless technologies, networking technologies, and internetworking technologies. The computer program and data may be distributed in any form as a removable storage medium with accompanying printed or electronic documentation (e.g., shrink wrapped software or a magnetic tape), preloaded with a computer system (e.g., on system ROM or fixed disk), or distributed from a server or electronic bulletin board over the communication system (e.g., the Internet or World Wide Web.) It is appreciated that any of the software components of the present invention may, if desired, be implemented in ROM (read-only memory) form. The software components may, generally, be implemented in hardware, if desired, using conventional techniques.


The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices. Practitioners of ordinary skill will recognize that the invention may be executed on one or more computer processors that are linked using a data network, including, for example, the Internet. In another embodiment, different steps of the process can be executed by one or more computers and storage devices geographically separated by connected by a data network in a manner so that they operate together to execute the process steps. In one embodiment, a user's computer can run an application that causes the user's computer to transmit a stream of one or more data packets across a data network to a second computer, referred to here as a server. The server, in turn, may be connected to one or more mass data storage devices where the database is stored. The server can execute a program that receives the transmitted packet and interpret the transmitted data packets in order to extract database query information. The server can then execute the remaining steps of the invention by means of accessing the mass storage devices to derive the desired result of the query. Alternatively, the server can transmit the query information to another computer that is connected to the mass storage devices, and that computer can execute the invention to derive the desired result. The result can then be transmitted back to the user's computer by means of another stream of one or more data packets appropriately addressed to the user's computer. In one embodiment, the relational database may be housed in one or more operatively connected servers operatively connected to computer memory, for example, disk drives. In yet another embodiment, the initialization of the relational database may be prepared on the set of servers and the interaction with the user's computer occur at a different place in the overall process.


It should be noted that the flow diagrams are used herein to demonstrate various aspects of the invention, and should not be construed to limit the present invention to any particular logic flow or logic implementation. The described logic may be partitioned into different logic blocks (e.g., programs, modules, functions, or subroutines) without changing the overall results or otherwise departing from the true scope of the invention. Oftentimes, logic elements may be added, modified, omitted, performed in a different order, or implemented using different logic constructs (e.g., logic gates, looping primitives, conditional logic, and other logic constructs) without changing the overall results or otherwise departing from the true scope of the invention.


The described embodiments of the invention are intended to be exemplary and numerous variations and modifications will be apparent to those skilled in the art. All such variations and modifications are intended to be within the scope of the present invention as defined in the appended claims. Although the present invention has been described and illustrated in detail, it is to be clearly understood that the same is by way of illustration and example only, and is not to be taken by way of limitation. It is appreciated that various features of the invention which are, for clarity, described in the context of separate embodiments may also be provided in combination in a single embodiment. Conversely, various features of the invention which are, for brevity, described in the context of a single embodiment may also be provided separately or in any suitable combination.


The foregoing description discloses only exemplary embodiments of the invention. Modifications of the above disclosed apparatus and methods which fall within the scope of the invention will be readily apparent to those of ordinary skill in the art. Accordingly, while the present invention has been disclosed in connection with exemplary embodiments thereof, it should be understood that other embodiments may fall within the spirit and scope of the invention as defined by the following claims.

Claims
  • 1. A computer executed method of securing a file access request between a device and an external file server with a corresponding location data, said device executing a program using a file location access protocol that is invoked by at least one object class and said external file server being accessible by the device as a wide area network protocol location, comprising: Operating an intercept process where said intercept process is invoked as a subclass of one of the at least one invoked file location access protocol object classes, and said intercept process intercepts the request by the invoked object class to access the external file server, where the request designates the external file server location in accordance with a wide area network protocol;Said invoked intercept process passing to a security inspection process the external file server location extracted from the data representing the intercepted request;executing the security inspection process on the extracted data; andin dependence on the result of the security inspection process, the intercept process either permitting or blocking the execution of the request.
  • 2. The method of claim 1 where the program is an Internet browser program and the wide area network protocol is the HTTP or HTTPS protocol.
  • 3. The method of claim 2 where the request by the browser is implemented by interpreting a script received by the device and passed to the browser program.
  • 4. The method of claim 1 where the program is a dedicated application operating on the device that interprets a script transmitted to the application from the external file server.
  • 5. The method of claim 3 or 4 where upon the security inspection protocol result being to permit the request, either the file or a pointer to the file being passed to the interpreted script process.
  • 6. The method of claim 1 further comprising: receiving as input into the file access protocol at least one parameter.
  • 7. The method of claim 4 where the intercept process intercepts the file access request made by the program making the file access request and upon a determination by the security process that the request is permitted, delivering either the requested file or a pointer to the file requested by the program, where the intercept process is a separate program from the program making the file access request.
  • 8. The method of claim 1 where the security inspection process is executed on the device.
  • 9. The method of claim 1 further comprising: receiving at least one parameter as input into the file access protocol;transmitting the at least one parameter input into the file access protocol to a remote security server that executes the security inspection process; andreceiving data representing the security inspection process result.
  • 10. The method of claim 1 further comprising: on the device, installing computer code embodying the file access request intercept process; andupon installation of the computer code, storing on the device a token data associated with the installed computer code.
  • 11. The method of claim 10 further comprising: receiving at the security server the stored token data; andusing the received token data as an input into the security inspection process.
  • 12. The method of claim 1 further comprising: storing in a data record the location data and at least one of the at least one parameters input into the intercepted file access request protocol.
  • 13. The method of claim 12 where the storing step is performed on an external security server.
  • 14. The method of claim 1 where the location data is at least part of a URL of the external file server.
  • 15. The method of claim 6 where the at least one parameter is a user identifier associated with the device.
  • 16. The method of claim 1 where the location data is a full URL of a browser application making the request.
  • 17. The method of claim 6 where the at least one parameter is at least part of a metadata associated with the requested file.
  • 18. The method of claim 6 where the at least one parameter is an at least part of the data comprising the requested file.
  • 19. The method of claim 6 where the at least one parameter is a time and date of the request.
  • 20. The method of claim 1 further comprising: executing a security action in dependence on an output of the security inspection process.
  • 21. The method of claim 20 where the security action is executed before transmitting the file and comprises one of: converting the format of the requested file, removing metadata from the requested file, removing at least part of the data comprising the requested file, encrypting the requested file using a predetermined encryption key, transmitting a message from the security server comprising an alert that the request for the file was made, generating a data value representing a fingerprint of the requested file, generating a digital signature for the requested file, inserting steganographic data into the requested file.
  • 22. A computer system for automatically managing the movement of document files from a first document storage sub-system to a second document storage sub-system comprising: a module adapted by logic executing on a first computer comprising the system to execute a first file selection procedure using as input commands received from a user interacting with the first computer in order to select a document stored on the first sub-system;a module adapted by logic to execute on the first computer a first application programming interface protocol associated with the first sub-system in order to use the output of the first file selection procedure to submit to the first sub-system a request to obtain the selected document from the first sub-system;a module adapted by logic executing on the first computer to receive from the first sub-system the selected document and store the document;a module adapted by logic executed by the first computer to execute a second destination selection procedure process using as input commands and data received from the user in order to select a destination comprised of the second sub-system; anda module adapted by logic to invoke an object class as a second application programming interface associated with the second sub-system in order to use the output of the destination selection procedure and to transmit the selected document to the second sub-system; anda module adapted by logic to invoke as a sub-class to the invoked object class an intercept process that intercepts the destination selection process where the invoked subclass passes data representing the output of the destination selection procedure to a security inspection process.
  • 23. The system of claim 22: where the module adapted by logic to execute a security inspection process is further adapted by logic to apply a security policy to a selected document and a selected destination and in dependence on the output of such security policy, permit or deny transmitting the selected document to the second sub-system.
  • 24. The system of claim 22 further comprising: a database adapted by logic to store a data record associated with the selected document comprised of data representing at least one of: the identity of the user, the identity of the selected destination, a date and time of the receipt of the selected document, a date and time of the transmission of the selected document, the identity of the second sub-system.
  • 25. The system of claim 22 further comprising: a module adapted by logic to perform one of: convert the format of the selected document file, remove hidden metadata, comments or confidential information from the selected document file, redact at least part of the selected document file.
  • 26. The system of claim 22 further comprising: a module that is adapted by logic to present to the user a user interface of an application program file selection process;a module adapted by logic to intercept an executing file selection process of the application program file in order to determine a file selection designation input by the user;a module adapted by logic to transform the determined file selection designation into a command to the first sub-system to obtain the file designated by the intercepted file selection designation and to receive the file;a module adapted by logic that passes the received file or a pointer to the received file to the application.
  • 27. The system of claim 22 further comprising: a module adapted by logic to store a data structure associated with the received selected file that maps a first predetermined set of document file attributes associated with a first document management system further corresponding to the first sub-system to a second predetermined set of document file attributes associated with a second document management system corresponding to the second sub-system; and data retrieved from the stored data structure to automatically generate the request to store the document on the second sub-system that conforms to the second application programming interface.
PRIORITY CLAIM

This utility application claims priority as a non-provisional application of U.S. Pat. App. No. 62/267,569, filed on Dec. 15, 2015; as a continuation-in-part of U.S. patent application Ser. No. 15/251,892, filed on Aug. 30, 2016 which is a non-provisional application of U.S. Pat. App. No. 62/213,611 filed on Sep. 2, 2015 and is a non-provisional application of U.S. Pat. App. No. 62/211,848 filed on Aug. 30, 2015; as a continuation-in-part to U.S. patent application Ser. No. 14/829,523 filed on Aug. 18, 2015, which is a continuation of U.S. patent application Ser. No. 13/803,231, filed on Mar. 14, 2013, now U.S. Pat. No. 9,170,990, issued on Oct. 27, 2015; as a continuation-in-part to U.S. patent application Ser. No. 13/962,096 filed on Aug. 8, 2013, which is a non-provisional of U.S. Pat. App. No. 61/858,154 filed on Jul. 25, 2013; and as a continuation-in-part to U.S. patent application Ser. No. 13/333,605, filed on Dec. 21, 2011, which is a non-provisional of U.S. Pat. App. No. 61/559,227, filed on Nov. 14, 2011 and a continuation-in-part of U.S. patent application Ser. No. 13/155,900, filed on Jun. 8, 2011, all of which are hereby incorporated by reference in their entireties for all that they teach.

US Referenced Citations (372)
Number Name Date Kind
4479195 Herr et al. Oct 1984 A
4949300 Christenson et al. Aug 1990 A
5008853 Bly et al. Apr 1991 A
5072412 Henderson, Jr. et al. Dec 1991 A
5220657 Bly et al. Jun 1993 A
5245553 Tanenbaum Sep 1993 A
5247615 Mori et al. Sep 1993 A
5293619 Dean Mar 1994 A
5379374 Ishizaki et al. Jan 1995 A
5446842 Schaeffer et al. Aug 1995 A
5608872 Schwartz et al. Mar 1997 A
5617539 Ludwig et al. Apr 1997 A
5619649 Kovnat et al. Apr 1997 A
5634062 Shimizu et al. May 1997 A
5671428 Muranaga et al. Sep 1997 A
5699427 Chow et al. Dec 1997 A
RE35861 Queen Jul 1998 E
5787175 Carter Jul 1998 A
5787444 Gerken et al. Jul 1998 A
5801702 Dolan et al. Sep 1998 A
5806078 Hug et al. Sep 1998 A
5819300 Kohno et al. Oct 1998 A
5832494 Egger et al. Nov 1998 A
5890177 Moody et al. Mar 1999 A
5897636 Kaeser Apr 1999 A
5898836 Freivald et al. Apr 1999 A
6003060 Aznar et al. Dec 1999 A
6012087 Freivald et al. Jan 2000 A
6029175 Chow et al. Feb 2000 A
6038561 Snyder et al. Mar 2000 A
6049804 Burgess et al. Apr 2000 A
6067551 Brown et al. May 2000 A
6088702 Plantz et al. Jul 2000 A
6128635 Ikeno Oct 2000 A
6145084 Zuili et al. Nov 2000 A
6189019 Blumer et al. Feb 2001 B1
6212534 Lo et al. Apr 2001 B1
6219818 Freivald et al. Apr 2001 B1
6243091 Berstis Jun 2001 B1
6263350 Wollrath et al. Jul 2001 B1
6263364 Najork et al. Jul 2001 B1
6269370 Kirsch Jul 2001 B1
6285999 Page Sep 2001 B1
6301368 Bolle et al. Oct 2001 B1
6317777 Skarbo et al. Nov 2001 B1
6321265 Najork et al. Nov 2001 B1
6327611 Everingham Dec 2001 B1
6336123 Inoue et al. Jan 2002 B2
6351755 Najork et al. Feb 2002 B1
6356937 Montville et al. Mar 2002 B1
6377984 Najork et al. Apr 2002 B1
6404446 Bates et al. Jun 2002 B1
6418433 Chakrabarti et al. Jul 2002 B1
6418453 Kraft et al. Jul 2002 B1
6424966 Meyerzon et al. Jul 2002 B1
6449624 Hammack et al. Sep 2002 B1
6505237 Beyda et al. Jan 2003 B2
6513050 Williams et al. Jan 2003 B1
6547829 Meyerzon et al. Apr 2003 B1
6556982 McGaffey et al. Apr 2003 B1
6560620 Ching May 2003 B1
6584466 Serbinis et al. Jun 2003 B1
6591289 Britton Jul 2003 B1
6594662 Sieffert et al. Jul 2003 B1
6596030 Ball et al. Jul 2003 B2
6614789 Yazdani et al. Sep 2003 B1
6658626 Aiken Dec 2003 B1
6662212 Chandhok et al. Dec 2003 B1
6738762 Chen et al. May 2004 B1
6745024 DeJaco et al. Jun 2004 B1
6832202 Schuyler et al. Dec 2004 B1
6918082 Gross Jul 2005 B1
7035427 Rhoads Apr 2006 B2
7085735 Hall et al. Aug 2006 B1
7107518 Ramaley et al. Sep 2006 B2
7113615 Rhoads et al. Sep 2006 B2
7152019 Tarantola et al. Dec 2006 B2
7155737 Lim Dec 2006 B1
7181492 Wen et al. Feb 2007 B2
7194761 Champagne Mar 2007 B1
7212955 Kirshenbaum et al. May 2007 B2
7233686 Hamid Jun 2007 B2
7240207 Weare Jul 2007 B2
7299504 Tiller et al. Nov 2007 B1
7321864 Gendler Jan 2008 B1
7356704 Rinkevich et al. Apr 2008 B2
7434164 Salesin et al. Oct 2008 B2
7454778 Pearson et al. Nov 2008 B2
7496841 Hadfield et al. Feb 2009 B2
7564997 Hamid Jul 2009 B2
7613770 Li Nov 2009 B2
7624447 Horowitz et al. Nov 2009 B1
7627613 Dulitz et al. Dec 2009 B1
7673324 Tirosh et al. Mar 2010 B2
7680785 Najork Mar 2010 B2
7685298 Day Mar 2010 B2
7694336 Rinkevich et al. Apr 2010 B2
7707153 Petito et al. Apr 2010 B1
7720256 Desprez et al. May 2010 B2
7730175 Roesch et al. Jun 2010 B1
7788235 Yeo Aug 2010 B1
7796309 Sadovsky et al. Sep 2010 B2
7797724 Calvin Sep 2010 B2
7818678 Massand Oct 2010 B2
7844116 Monga Nov 2010 B2
7857201 Silverbrook et al. Dec 2010 B2
7877790 Vishik et al. Jan 2011 B2
7890752 Bardsley et al. Feb 2011 B2
7903822 Hair et al. Mar 2011 B1
7941844 Anno May 2011 B2
7958101 Teugels et al. Jun 2011 B1
8005277 Tulyakov et al. Aug 2011 B2
8042112 Zhu et al. Oct 2011 B1
8117225 Zilka Feb 2012 B1
8145724 Hawks et al. Mar 2012 B1
8181036 Nachenberg May 2012 B1
8196030 Wang et al. Jun 2012 B1
8201254 Wilhelm et al. Jun 2012 B1
8233723 Sundaresan Jul 2012 B2
8286085 Denise Oct 2012 B1
8286171 More et al. Oct 2012 B2
8301994 Shah Oct 2012 B1
8316237 Felsher et al. Nov 2012 B1
8406456 More Mar 2013 B2
8473847 Glover Jun 2013 B2
8478995 Alculumbre Jul 2013 B2
8555080 More et al. Oct 2013 B2
8572388 Boemker et al. Oct 2013 B2
8620872 Killalea Dec 2013 B1
8635295 Mulder Jan 2014 B2
8732127 Rotterdam et al. May 2014 B1
8776190 Cavage et al. Jul 2014 B1
8797603 Dougherty et al. Aug 2014 B1
8839100 Donald Sep 2014 B1
9098500 Asokan et al. Aug 2015 B1
9311624 Diament et al. Apr 2016 B2
9652485 Bhargava et al. May 2017 B1
20010018739 Anderson et al. Aug 2001 A1
20010042073 Saether et al. Nov 2001 A1
20020010682 Johnson Jan 2002 A1
20020016959 Barton et al. Feb 2002 A1
20020019827 Shiman et al. Feb 2002 A1
20020023158 Polizzi et al. Feb 2002 A1
20020052928 Stern et al. May 2002 A1
20020063154 Hoyos et al. May 2002 A1
20020065827 Christie et al. May 2002 A1
20020065848 Walker et al. May 2002 A1
20020073188 Rawson, III Jun 2002 A1
20020087515 Swannack et al. Jul 2002 A1
20020099602 Moskowitz et al. Jul 2002 A1
20020120648 Ball et al. Aug 2002 A1
20020129062 Luparello Sep 2002 A1
20020136222 Robohm Sep 2002 A1
20020138744 Schleicher et al. Sep 2002 A1
20020159239 Amie et al. Oct 2002 A1
20020164058 Aggarwal et al. Nov 2002 A1
20030009518 Harrow et al. Jan 2003 A1
20030009528 Sharif et al. Jan 2003 A1
20030037010 Schmelzer Feb 2003 A1
20030046572 Newman et al. Mar 2003 A1
20030051054 Redlich et al. Mar 2003 A1
20030061260 Rajkumar Mar 2003 A1
20030061350 Masuoka et al. Mar 2003 A1
20030078880 Alley et al. Apr 2003 A1
20030084279 Campagna May 2003 A1
20030093755 Ramakrishnan May 2003 A1
20030097454 Yamakawa et al. May 2003 A1
20030112273 Hadfield Jun 2003 A1
20030115273 Delia et al. Jun 2003 A1
20030131005 Berry Jul 2003 A1
20030147267 Huttunen Aug 2003 A1
20030158839 Faybishenko et al. Aug 2003 A1
20030191799 Araujo et al. Oct 2003 A1
20030196087 Stringer et al. Oct 2003 A1
20030223624 Hamid Dec 2003 A1
20030233419 Beringer Dec 2003 A1
20030237047 Borson Dec 2003 A1
20040002049 Beavers et al. Jan 2004 A1
20040031052 Wannamaker et al. Feb 2004 A1
20040098347 Atkinson May 2004 A1
20040122659 Hourihane et al. Jun 2004 A1
20040128321 Hamer Jul 2004 A1
20040148567 Jeon et al. Jul 2004 A1
20040186851 Jhingan et al. Sep 2004 A1
20040187076 Ki Sep 2004 A1
20040225645 Rowney et al. Nov 2004 A1
20040261016 Glass et al. Dec 2004 A1
20050015707 Ji Jan 2005 A1
20050021980 Kanai Jan 2005 A1
20050038893 Graham Feb 2005 A1
20050055306 Miller et al. Mar 2005 A1
20050055337 Bebo et al. Mar 2005 A1
20050071755 Harrington et al. Mar 2005 A1
20050108293 Lipman et al. May 2005 A1
20050138350 Hariharan Jun 2005 A1
20050138540 Baltus et al. Jun 2005 A1
20050204008 Shinbrood Sep 2005 A1
20050251738 Hirano et al. Nov 2005 A1
20050251748 Gusmorino et al. Nov 2005 A1
20050256893 Perry Nov 2005 A1
20050268327 Starikov Dec 2005 A1
20050278421 Simpson Dec 2005 A1
20060005247 Zhang et al. Jan 2006 A1
20060013393 Ferchichi et al. Jan 2006 A1
20060021031 Leahy et al. Jan 2006 A1
20060047765 Mizoi et al. Mar 2006 A1
20060050937 Hamid Mar 2006 A1
20060059196 Sato et al. Mar 2006 A1
20060064717 Shibata et al. Mar 2006 A1
20060067578 Fuse Mar 2006 A1
20060069740 Ando Mar 2006 A1
20060075041 Antonoff et al. Apr 2006 A1
20060098850 Hamid May 2006 A1
20060112120 Rohall May 2006 A1
20060129627 Phillips Jun 2006 A1
20060158676 Hamada Jul 2006 A1
20060171588 Chellapilla et al. Aug 2006 A1
20060184505 Kedem Aug 2006 A1
20060190493 Kawai et al. Aug 2006 A1
20060218004 Dworkin et al. Sep 2006 A1
20060218643 DeYoung Sep 2006 A1
20060224589 Rowney Oct 2006 A1
20060236246 Bono et al. Oct 2006 A1
20060261112 Todd et al. Nov 2006 A1
20060271947 Lienhart et al. Nov 2006 A1
20060272024 Huang et al. Nov 2006 A1
20060277229 Yoshida et al. Dec 2006 A1
20060294468 Sareen et al. Dec 2006 A1
20060294469 Sareen et al. Dec 2006 A1
20070005589 Gollapudi Jan 2007 A1
20070011211 Reeves et al. Jan 2007 A1
20070025265 Porras et al. Feb 2007 A1
20070027830 Simons et al. Feb 2007 A1
20070038704 Brown et al. Feb 2007 A1
20070094510 Ross et al. Apr 2007 A1
20070100991 Daniels et al. May 2007 A1
20070101154 Bardsley et al. May 2007 A1
20070101413 Vishik et al. May 2007 A1
20070112930 Foo et al. May 2007 A1
20070150443 Bergholz et al. Jun 2007 A1
20070174766 Rubin et al. Jul 2007 A1
20070179967 Zhang Aug 2007 A1
20070192728 Finley et al. Aug 2007 A1
20070220061 Tirosh et al. Sep 2007 A1
20070220068 Thompson et al. Sep 2007 A1
20070253608 Tulyakov et al. Nov 2007 A1
20070261099 Broussard et al. Nov 2007 A1
20070261112 Todd et al. Nov 2007 A1
20070294318 Arora et al. Dec 2007 A1
20070294612 Drucker et al. Dec 2007 A1
20070299880 Kawabe et al. Dec 2007 A1
20080022003 Alve Jan 2008 A1
20080028017 Garbow et al. Jan 2008 A1
20080033913 Winburn Feb 2008 A1
20080034282 Zernik Feb 2008 A1
20080034327 Cisler et al. Feb 2008 A1
20080065668 Spence et al. Mar 2008 A1
20080080515 Tombroff et al. Apr 2008 A1
20080082529 Mantena et al. Apr 2008 A1
20080091465 Fuschino et al. Apr 2008 A1
20080091735 Fukushima et al. Apr 2008 A1
20080162527 Pizano et al. Jul 2008 A1
20080177782 Poston et al. Jul 2008 A1
20080209001 Boyle et al. Aug 2008 A1
20080215667 Rothbarth et al. Sep 2008 A1
20080219495 Hulten et al. Sep 2008 A1
20080235760 Broussard et al. Sep 2008 A1
20080263363 Jueneman et al. Oct 2008 A1
20080275694 Varone Nov 2008 A1
20080288597 Christensen et al. Nov 2008 A1
20080301193 Massand Dec 2008 A1
20080306894 Rajkumar et al. Dec 2008 A1
20080310624 Celikkan Dec 2008 A1
20080320316 Waldspurger et al. Dec 2008 A1
20090025087 Peirson et al. Jan 2009 A1
20090030997 Malik Jan 2009 A1
20090034804 Cho et al. Feb 2009 A1
20090049132 Gutovski Feb 2009 A1
20090052778 Edgecomb et al. Feb 2009 A1
20090064326 Goldstein Mar 2009 A1
20090083073 Mehta et al. Mar 2009 A1
20090083384 Bhogal et al. Mar 2009 A1
20090129002 Wu et al. May 2009 A1
20090164427 Shields et al. Jun 2009 A1
20090177754 Brezina et al. Jul 2009 A1
20090183257 Prahalad Jul 2009 A1
20090187567 Rolle Jul 2009 A1
20090216843 Willner et al. Aug 2009 A1
20090222450 Zigelman Sep 2009 A1
20090234863 Evans Sep 2009 A1
20090241187 Troyansky Sep 2009 A1
20090271620 Sudhakar Oct 2009 A1
20090319480 Saito Dec 2009 A1
20100011077 Shkolnikov et al. Jan 2010 A1
20100011428 Atwood et al. Jan 2010 A1
20100017404 Banerjee et al. Jan 2010 A1
20100017850 More et al. Jan 2010 A1
20100049807 Thompson Feb 2010 A1
20100058053 Wood Mar 2010 A1
20100064004 Ravi et al. Mar 2010 A1
20100064372 More et al. Mar 2010 A1
20100070448 Omoigui Mar 2010 A1
20100076985 Egnor Mar 2010 A1
20100083230 Ramakrishnan Apr 2010 A1
20100114985 Chaudhary et al. May 2010 A1
20100114991 Chaudhary et al. May 2010 A1
20100131604 Portilla May 2010 A1
20100146382 Abe et al. Jun 2010 A1
20100174678 Massand Jul 2010 A1
20100174761 Longobardi et al. Jul 2010 A1
20100186062 Banti et al. Jul 2010 A1
20100217987 Shevade Aug 2010 A1
20100235763 Massand Sep 2010 A1
20100241943 Massand Sep 2010 A1
20100257352 Errico Oct 2010 A1
20100274765 Murphy et al. Oct 2010 A1
20100287246 Klos et al. Nov 2010 A1
20100299727 More et al. Nov 2010 A1
20100318530 Massand Dec 2010 A1
20100332428 McHenry et al. Dec 2010 A1
20110029625 Cheng et al. Feb 2011 A1
20110035655 Heineken Feb 2011 A1
20110041165 Bowen Feb 2011 A1
20110106892 Nelson et al. May 2011 A1
20110107106 Morii et al. May 2011 A1
20110125806 Park May 2011 A1
20110141521 Qiao Jun 2011 A1
20110145229 Vailaya et al. Jun 2011 A1
20110197121 Kletter Aug 2011 A1
20110225646 Crawford Sep 2011 A1
20110252098 Kumar Oct 2011 A1
20110252310 Rahaman et al. Oct 2011 A1
20110264907 Betz Oct 2011 A1
20110314384 Lindgren et al. Dec 2011 A1
20120011361 Guerrero et al. Jan 2012 A1
20120016867 Clemm et al. Jan 2012 A1
20120030563 Lemonik et al. Feb 2012 A1
20120036157 Rolle Feb 2012 A1
20120079267 Lee Mar 2012 A1
20120079596 Thomas et al. Mar 2012 A1
20120110092 Keohane et al. May 2012 A1
20120117096 Massand May 2012 A1
20120117644 Soeder May 2012 A1
20120131635 Huapaya May 2012 A1
20120133989 Glover May 2012 A1
20120136862 Glover May 2012 A1
20120136951 Mulder May 2012 A1
20120151316 Massand Jun 2012 A1
20120173881 Troller Jul 2012 A1
20120185511 Mansfield et al. Jul 2012 A1
20120246115 King et al. Sep 2012 A1
20120260188 Park et al. Oct 2012 A1
20120265817 Vidalenc et al. Oct 2012 A1
20120317239 Mulder Dec 2012 A1
20130007070 Pitschke Jan 2013 A1
20130060799 Massand Mar 2013 A1
20130074195 Johnston et al. Mar 2013 A1
20130097421 Lim Apr 2013 A1
20130212707 Donahue et al. Aug 2013 A1
20130219512 Lin Aug 2013 A1
20130227043 Murakami Aug 2013 A1
20130227397 Tvorun Aug 2013 A1
20140020050 Hoche Jan 2014 A1
20140032489 Hebbar et al. Jan 2014 A1
20140115436 Beaver et al. Apr 2014 A1
20140136497 Georgiev May 2014 A1
20140181223 Homsany et al. Jun 2014 A1
20140280336 Glover Sep 2014 A1
20140281872 Glover Sep 2014 A1
20150026464 Hanner et al. Jan 2015 A1
20150172058 Follis Jun 2015 A1
20160350270 Nakazawa Dec 2016 A1
Non-Patent Literature Citations (15)
Entry
Jain, “The Class of Java”, Aug. 23, 2010, published by Pearson India, original edition, excerpt pp. 1-15.
Classification Definitions, Data Processing: Presentation Processing of Document, Operator Interface Processing, and Screen Saver Display Processing; Feb. 2011; pp. 1-33.
Final office action dated Aug. 15, 2012 for U.S. Appl. No. 11/336,329 which published as U.S. Pub. No. 2007/0174766 for “Hidden document data removal” to Rubin et. al.
Greg Shultz. article “Keep Microsoft Office Documents Clean with iScrub,” published by TechRepublic.com on Jul. 9, 2003.
Mike Heck. Keep Sensitive Data Out of E-Mails. InfoWorld.com. Apr. 24, 2006.
Workshare Ltd. Workshare Protect 4.5 Admin Guide, (c) 2006.
Workshare Ltd. Workshare Protect 4.5 User Guide, (c) 2006.
Jain, Pravin. The class of JAVA. Aug. 12, 2010.
Bettenburg et al., An Empirical Study on the Risks of Using Off-the-Shelf Techniques for Processing Mailing List Data, 2009, IEEE 4 pages.
Bindu et al., Spam War: Battling Ham against Spam, 2011 IEEE 6 pages.
Bobba et al. Attribute-Based Messaging: Access Control and Confidentiality, 2010, ACM 35 pages.
Chen et al., Online Detection and Prevention of Phishing Attacks, 2006, IEEE 7 pages.
Kamouskos et al., Active Electronic Mail, 2002, ACM 6 pages.
Kaushik et al., Email Feedback: A Policy based Approach to Overcoming False Positives, 2005, 10 pages.
Stolfo et al., AMT?MET: Systems for Modeling and Detecting Errant Email. 2003, IEEE 6 pages.
Related Publications (1)
Number Date Country
20170099344 A1 Apr 2017 US
Provisional Applications (5)
Number Date Country
62267569 Dec 2015 US
62213611 Sep 2015 US
62211848 Aug 2015 US
61858154 Jul 2013 US
61559227 Nov 2011 US
Continuations (2)
Number Date Country
Parent 13803231 Mar 2013 US
Child 14829523 US
Parent 15380695 US
Child 14829523 US
Continuation in Parts (5)
Number Date Country
Parent 15251892 Aug 2016 US
Child 15380695 US
Parent 14829523 Aug 2015 US
Child 15251892 US
Parent 13962096 Aug 2013 US
Child 15380695 US
Parent 13333605 Dec 2011 US
Child 13962096 US
Parent 13155900 Jun 2011 US
Child 13333605 US