公开(公告)号：US11483386B1

公开(公告)日：2022-10-25

申请号：US17644072

申请日：2021-12-13

Applicant: Box, Inc.

Inventor： Kechen Huang ,  Nitya Sundareswaran ,  Yi Zhao ,  Yuvnesh Modi ,  Rena Mashintchian ,  Alok Ojha ,  Pal Ramanathan

IPC: H04L67/1095 ,  H04L9/40 ,  H04L67/306

Abstract: A cloud-based content object management system responds to download requests from user devices to provide access to synchronization code. Using the synchronization code, a user device requests, receives, and stores a user-device-local copy of a subject content object. The cloud-based content object management system determines that at least one security-related parameter pertaining to the subject content object has undergone a change and reaches a determination that the user-device-local copy of the subject content object is to be either deleted or quarantined. Upon such determination, the cloud-based content object management system forms eviction instructions and sends them to the user device, which in turn causes deletion or quarantining of the remote content object copy at the user device, while still retaining directory structure metadata that refers to the now evicted subject content object. The subject content object stored at the cloud-based content object management system is synchronized with other user devices.

公开(公告)号：US20220086163A1

公开(公告)日：2022-03-17

申请号：US17390153

申请日：2021-07-30

Applicant: Box, Inc.

Inventor： Sanjiv Pandey ,  Kechen Huang ,  Kanav Gandhi ,  Yi Zhao

IPC: H04L29/06 ,  G06F21/62

Abstract: Methods, systems, and computer program products for content management systems. Multiple components are operatively interconnected to carry out operations for establishing a user device trust level. A content management system facilitates interactions between a plurality of user devices and a plurality of shared content objects. The plurality of user devices are network connected to the content management system. One of the user devices issues a request to access a particular one of the content objects. Responsive to the request, a two-step device check is performed before granting access to the particular one of the content objects. A first step of the two-step device check process is based on login information, and a second step of the two-step device check process is based at least in part on analysis of the content of the particular one of the content objects. The actual bits of the content object itself are inspected.

公开(公告)号：US20210021600A1

公开(公告)日：2021-01-21

申请号：US16948828

申请日：2020-10-01

Applicant: Box, Inc.

Inventor： Alok Ojha ,  Sivaramakrishnan Subramanian ,  Kechen Huang ,  Pal Ramanathan ,  Varun Parmar ,  Yi Zhao

IPC: H04L29/06

Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.

公开(公告)号：US11616782B2

公开(公告)日：2023-03-28

申请号：US16948828

申请日：2020-10-01

Applicant: Box, Inc.

Inventor： Alok Ojha ,  Sivaramakrishnan Subramanian ,  Kechen Huang ,  Pal Ramanathan ,  Varun Parmar ,  Yi Zhao

IPC: H04L9/40

Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.