公开(公告)号：US20230244811A1

公开(公告)日：2023-08-03

申请号：US17589610

申请日：2022-01-31

Applicant: Box, Inc.

Inventor： Victor De Vansa Vikramaratne ,  Kave Eshghi ,  Thuy Nguyen ,  Alok Ojha

IPC: G06F21/62 ,  G06F16/93

CPC classification number: G06F21/6245 ,  G06F21/6272 ,  G06F16/93

Abstract: Handling user-demanded privacy controls over data of an electronic document collaboration system. A storage facility is configured to store content objects and associated metadata that pertains to the content objects. A user raises a privacy action request that comprises a demand to change how certain content objects that contain personally identifiable information (PII) of the user are handled. A plurality of content objects are classified using a PII classifier that is trained using synthetically-generated training set entries where, rather than reading actual contents from electronic documents of the collaboration system to generate training set entries, instead, the training set entries are generated using words that are randomly selected from a repository of natural language words. When PII corresponding to the user who raised the privacy action request is discovered in content objects, then the content management system modifies those content objects and/or its metadata in accordance with the demand.

公开(公告)号：US11616782B2

公开(公告)日：2023-03-28

申请号：US16948828

申请日：2020-10-01

Applicant: Box, Inc.

Inventor： Alok Ojha ,  Sivaramakrishnan Subramanian ,  Kechen Huang ,  Pal Ramanathan ,  Varun Parmar ,  Yi Zhao

IPC: H04L9/40

Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.

公开(公告)号：US20200092298A1

公开(公告)日：2020-03-19

申请号：US16553106

申请日：2019-08-27

Applicant: Box, Inc.

Inventor： Alok Ojha ,  David Vengerov ,  Benjamin Draffin ,  Sesh Jalagam

IPC: H04L29/06 ,  G06N5/04 ,  G06N20/00

Abstract: Methods, systems and computer program products for computing system security. Techniques for classifying a potentially unauthorized user as an authorized user involve comparisons of two or more access request times that occur at different computing devices in different geographical locations. Based on those comparisons and the distance between the geographical locations of the different computing devices, a determination is made as to whether or not travel (e.g., via overland travel, via air travel, etc.) between those different geographical locations can be reasonably accomplished within a given time period. If it is determined that the required time for travel between the different geographical locations is greater than the time between the access request times—thus suggesting a spoofing attack or other malfeasance—then the potentially unauthorized (i.e., only potentially malfeasant) access can still be deemed as an authorizable access request by analyzing browser configurations and activity patterns of the potentially unauthorized user.

公开(公告)号：US11423167B2

公开(公告)日：2022-08-23

申请号：US16553149

申请日：2019-08-27

Applicant: Box, Inc.

Inventor： Alok Ojha

IPC: G06F21/62 ,  G06F16/11 ,  G06F21/53 ,  H04L9/40 ,  H04L67/06 ,  H04L67/55 ,  G06N20/00 ,  G06N5/04 ,  G06F21/57

Abstract: Leakage of secure content (e.g., unauthorized dissemination of secure content) is prevented even after a user has downloaded a copy of the secure content. In a content management system, the secure content object is accessible by users who access the secure content by downloading copies. While the downloading of a copy to a user device is permitted, further dissemination is not allowed. To enforce this degree of security, the user downloads a virtual file system that is configured to store a local instance of the secure content object in a secure container of the user device. During ongoing operation of the user device, every data movement operation request associated with the local instance of the secure content object is intercepted. Logic implemented in the downloaded a virtual file system will deny any data movement operation request when a target storage location associated with the data movement operation request is other than a location in the secure container.

公开(公告)号：US20220083604A1

公开(公告)日：2022-03-17

申请号：US17334420

申请日：2021-05-28

Applicant: Box, Inc.

Inventor： Alok Ojha

IPC: G06F16/903 ,  G06F16/901 ,  H04L29/12

Abstract: Various corpora of content objects and other information sources beyond the corpora of content objects are processed to identify personally identifiable information (PII). PII that is associated with a named person is codified into a first portion of a graph-oriented data structure. Also, PII that is associated with an alias that might refer to a named person is codified into a second portion of the graph-oriented data structure. A determination is made that the alias that might refer to a named person is indeed an alias that is a coreference to the named person. Based on that determination then, since the first portion of the graph and the second portion of the graph refer to the same person, then the PII of the second portion of the graph can be deemed to be PII of the same person. PII in common and/or language processing can be used to establish coreferences.

公开(公告)号：US20200220928A1

公开(公告)日：2020-07-09

申请号：US16243036

申请日：2019-01-08

Applicant: Box, Inc.

Inventor： Advait D. Karande ,  Alok Ojha ,  Deepak Khajuria

IPC: H04L29/08 ,  G06F9/50 ,  G06F16/185 ,  H04L29/06

Abstract: Methods, systems and computer program products for managing shared content directory structure metadata stored on client devices. A method embodiment includes identifying a collaboration system that stores one or more content objects that are organized in accordance with a directory structure. Requests pertaining to the content objects are raised by processing entities running on the client device. The requests include instructions to retrieve one or more of multiple types of metadata associated with the directory elements that constitute the directory structure. Based on timing and patterns of requests pertaining to the content objects, a monitoring function detects unwanted runaway retrieval by a runaway process. To prevent further unwanted runaway retrieval of the metadata, the runaway process is blocked from continuing its pattern of unwanted (runaway) retrieval. The collaboration system is notified of characteristics of the runaway process. Some or all of the unwanted retrievals are remediated automatically.

公开(公告)号：US20200092337A1

公开(公告)日：2020-03-19

申请号：US16553057

申请日：2019-08-27

Applicant: Box, Inc.

Inventor： Alok Ojha ,  Sivaramakrishnan Subramanian ,  Kechen Huang

IPC: H04L29/06

Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.

公开(公告)号：US12008045B2

公开(公告)日：2024-06-11

申请号：US17334440

申请日：2021-05-28

Applicant: Box, Inc.

Inventor： Alok Ojha

IPC: G06F16/903 ,  G06F16/901 ,  G06F16/906 ,  G06F40/20 ,  H04L61/4523

CPC classification number: G06F16/90335 ,  G06F16/9024 ,  G06F16/906 ,  G06F40/20 ,  H04L61/4523

Abstract: Various corpora of content objects and other information sources beyond the corpora of content objects are processed to identify personally identifiable information (PII). PII that is associated with a named person is codified into a first portion of a graph-oriented data structure. Also, PII that is associated with an alias that might refer to a named person is codified into a second portion of the graph-oriented data structure. A determination is made that the alias that might refer to a named person is indeed an alias that is a coreference to the named person. Based on that determination then, since the first portion of the graph and the second portion of the graph refer to the same person, then the PII of the second portion of the graph can be deemed to be PII of the same person. PII in common and/or language processing can be used to establish coreferences.

公开(公告)号：US11741163B2

公开(公告)日：2023-08-29

申请号：US17334420

申请日：2021-05-28

Applicant: Box, Inc.

Inventor： Alok Ojha

IPC: G06F16/903 ,  G06F16/901 ,  G06F16/906 ,  G06F40/20 ,  H04L61/4523

CPC classification number: G06F16/90335 ,  G06F16/906 ,  G06F16/9024 ,  G06F40/20 ,  H04L61/4523

Abstract: Various corpora of content objects and other information sources beyond the corpora of content objects are processed to identify personally identifiable information (PII). PII that is associated with a named person is codified into a first portion of a graph-oriented data structure. Also, PII that is associated with an alias that might refer to a named person is codified into a second portion of the graph-oriented data structure. A determination is made that the alias that might refer to a named person is indeed an alias that is a coreference to the named person. Based on that determination then, since the first portion of the graph and the second portion of the graph refer to the same person, then the PII of the second portion of the graph can be deemed to be PII of the same person. PII in common and/or language processing can be used to establish coreferences.

公开(公告)号：US11727132B2

公开(公告)日：2023-08-15

申请号：US16552956

申请日：2019-08-27

Applicant: Box, Inc.

Inventor： Alok Ojha

IPC: H04L29/06 ,  G06F21/62 ,  G06F16/11 ,  G06F21/53 ,  H04L9/40 ,  H04L67/06 ,  G06N20/00 ,  G06N5/04 ,  G06F21/57 ,  H04L67/55

CPC classification number: G06F21/6218 ,  G06F16/11 ,  G06F21/53 ,  G06F21/577 ,  G06F21/6227 ,  G06N5/04 ,  G06N20/00 ,  H04L63/102 ,  H04L63/105 ,  H04L63/107 ,  H04L63/1416 ,  H04L63/1466 ,  H04L67/06 ,  H04L67/55 ,  G06F2221/034

Abstract: Methods, systems and computer program products for content management systems. The techniques of the methods, systems and/or computer program products automatically determine activity-based content object access permissions and/or make a recommendation of activity-based content object access permissions. A machine learning model is formed from observations of user interactions over a plurality of content objects. The model is continually updated based on ongoing observation and analysis of user interaction events. When a collaborative relationship is formed between an invitor and one or more invitees, the activity-based permissions model is accessed to determine a set of access permissions to assign to the collaborative relationship. A single collaborative relationship may cover many collaboration objects. In some cases, a set of access permissions are automatically assigned to the collaborative relationship. In other cases, a set of access permissions is presented to the invitor as a recommendation. A user can accept or reject any recommendation.