CPC G06F 21/6218 (2013.01) [G06F 16/986 (2019.01); G06F 21/604 (2013.01); G06F 16/93 (2019.01); G06F 16/9535 (2019.01); G06F 40/131 (2020.01); H04L 67/02 (2013.01)]
20 Claims
1. A method comprising:
providing a document repository having a plurality of protected documents;
providing a policy server having a first plurality of policies, wherein the first plurality of policies controls access to the plurality of protected documents;
providing a secured viewing server having access to the document repository, wherein the secured viewing server provides access to the plurality of protected documents from a web browser;
providing a content access governor having a second plurality of policies, wherein the second plurality of policies comprises a subset of the first plurality of policies;
providing a data protection client having a third plurality of policies, wherein the data protection client has access to the document repository, wherein the third plurality of policies comprises a subset of the first plurality of policies;
at the policy server, sending a policy in the first plurality of policies to the content access governor, wherein the policy controls access to a protected document in the document repository;
at the policy server, sending the policy to the data protection client;
at a web browser, logging on to the secured viewing server by a first user;
at the web browser, opening the protected document by the first user;
at the secured viewing server, receiving a first request to open the protected document;
at the secured viewing server, sending a query to the content access governor with information relevant to the first request, wherein the secured viewing server invokes a content access governor application programming interface to send the query, wherein the information relevant to the first request comprises information about the open action, the protected document and the first user;
at the content access governor, selecting a first subset of policies from the second plurality of policies relevant to the open action, the protected document and the first user;
at the content access governor, evaluating the first subset of policies to produce a first decision on whether the first request is allowed;
at the content access governor, sending the first decision to the secured viewing server in response to the query;
at the secured viewing server, when the first request is allowed, obtaining a plurality of rights granted to the first user on the protected document from the content access governor;
at the secured viewing server, when the first request is allowed, sending the protected document to the web browser in response to the first request according to the plurality of rights granted;
at the web browser, when the first request is allowed, loading the protected document in the web browser, wherein loading the protected document implements the plurality of rights granted to the first user on the protected document.
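The query, policy selection, decision, and rights steps of claim 1 can be sketched as follows. This is an added illustration, not code from the patent or any product; the policy attributes (`doc_tag`, `group`), the deny-overrides combining rule, and the sample users and document are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # attribute names are assumptions, not from the claim
    effect: str                    # "allow" or "deny"
    action: str                    # e.g. "open"
    doc_tag: str                   # matched against the document's tags
    group: str                     # matched against the user's groups
    rights: frozenset = frozenset()

class ContentAccessGovernor:
    def __init__(self):
        self.policies = []         # subset pushed down by the policy server

    def select(self, action, doc, user):
        return [p for p in self.policies if p.action == action
                and p.doc_tag in doc["tags"] and p.group in user["groups"]]

    def decide(self, action, doc, user):
        relevant = self.select(action, doc, user)
        # Assumed combining rule: default deny, any deny overrides allows.
        return bool(relevant) and all(p.effect == "allow" for p in relevant)

    def rights_for(self, action, doc, user):
        allows = [p for p in self.select(action, doc, user) if p.effect == "allow"]
        return frozenset().union(*(p.rights for p in allows))

class SecuredViewingServer:
    def __init__(self, governor, repository):
        self.governor, self.repository = governor, repository

    def open(self, user, doc_id):
        doc = self.repository[doc_id]
        if not self.governor.decide("open", doc, user):
            return None            # on deny, no document bytes leave the server
        rights = self.governor.rights_for("open", doc, user)
        return {"content": doc["content"], "rights": sorted(rights)}

# Constructed sample data.
REPO = {"q3-forecast": {"tags": {"finance"}, "content": "constructed sample text"}}
GOVERNOR = ContentAccessGovernor()
GOVERNOR.policies += [
    Policy("allow", "open", "finance", "analysts", frozenset({"view"})),
    Policy("allow", "open", "finance", "managers", frozenset({"view", "print"})),
    Policy("deny", "open", "finance", "contractors"),
]
SERVER = SecuredViewingServer(GOVERNOR, REPO)
ALICE = {"name": "alice", "groups": {"analysts", "managers"}}
BOB = {"name": "bob", "groups": {"analysts", "contractors"}}
CAROL = {"name": "carol", "groups": {"sales"}}
```

Here `SERVER.open(ALICE, "q3-forecast")` returns the content with the merged rights, while Bob (a matching deny) and Carol (no matching policy) both get `None`.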