Patents Assigned to Box, Inc.
  • Publication number: 20200092298
    Abstract: Methods, systems and computer program products for computing system security. Techniques for classifying a potentially unauthorized user as an authorized user involve comparisons of two or more access request times that occur at different computing devices in different geographical locations. Based on those comparisons and the distance between the geographical locations of the different computing devices, a determination is made as to whether or not travel (e.g., via overland travel, via air travel, etc.) between those different geographical locations can be reasonably accomplished within a given time period. If it is determined that the required time for travel between the different geographical locations is greater than the time between the access request times—thus suggesting a spoofing attack or other malfeasance—then the potentially unauthorized (i.e.
    Type: Application
    Filed: August 27, 2019
    Publication date: March 19, 2020
    Applicant: Box, Inc.
    Inventors: Alok Ojha, David Vengerov, Benjamin Draffin, Sesh Jalagam
  • Publication number: 20200089892
    Abstract: A collaboration system manages a plurality of content objects that are shared by multiple users at corresponding user devices in corresponding computing environments. Policies that govern interactions over the plurality of content objects are established. A content object upload request from a first user belonging to a first enterprise is processed by the collaboration system and then the content object is shared with a second user of a second enterprise. Security characteristics pertaining to the second user, and/or the second enterprise, and/or the second user's devices are initially unknown or unverified. As such, upon receiving interaction events raised by a user device of the second user, a set of interaction attributes associated with the interaction events are gathered. One or more trust policies are applied to the interaction attributes to evaluate security conditions that correspond to the interaction events. A response is generated based on the evaluated security conditions.
    Type: Application
    Filed: August 27, 2019
    Publication date: March 19, 2020
    Applicant: Box, Inc.
    Inventor: Alok Ojha
  • Patent number: 10585854
    Abstract: Systems for enforcing multiple object deletion policies over shared content objects that are accessible in a cloud-based service platform. A method embodiment commences upon receiving two or more sets of file deletion parameters that describe respective two or more object deletion policies covering a portion of the shared content objects. Records that form associations between the file deletion parameters and at least some of the shared content objects are made available to event listeners in the system. Upon detecting events associated with access to the shared content by the users, the event listeners analyze the events to identify objects of the shared content that are associated with the multiple object deletion policies. If an object is covered by conflicting deletion policy actions, then actions of the deletion policy having a higher priority are applied. Some actions prevent or delay modification of the objects. Lower priority data retention deletions are suppressed.
    Type: Grant
    Filed: April 19, 2017
    Date of Patent: March 10, 2020
    Assignee: Box, Inc.
    Inventors: Emrah Seker, Alam Karim, Jessica Lynn Fain, Joy Keiko Ebertz, Raymond Louis Thang, Steven La, Shengzhi Sun, Ryan Taylor Churchill, Anne Elizabeth Hiatt Pearl
  • Patent number: 10585710
    Abstract: Methods and systems for managing application performance in a distributed computing environment. Embodiments commence when an application seeks to perform a function over a content object. The application submits a request to perform the function on the content object, and the request is received by an application programming interface processor. The application programming interface processor accesses a data structure comprising entries that relate the requested function to one or more code instances that are accessible at one or more code locations. An evaluator predicts performance of the function using a first location of a first code instance and compares that predicted performance to a predicted or measured performance of the same function using a second location of a second code instance that implements the same function. The better performing code instance at the determined code location is invoked. Results are collated, formatted, and returned to the calling application.
    Type: Grant
    Filed: December 31, 2015
    Date of Patent: March 10, 2020
    Assignee: Box, Inc.
    Inventors: Benjamin Campbell Smith, Gaurav Gargate, Bonan Zheng, Timothy Martin Heilig
  • Patent number: 10587584
    Abstract: Systems for secure cloud-based collaboration over shared objects. Embodiments operate within systems in a cloud-based environment, wherein one or more servers are configured to interface with storage devices that store objects accessible by one or more users. A process receives an electronic message comprising a user request to access an object. Before providing user access to the object, the system generates a requestor-specific steganographic message that is derived from some portion of requestor identification information and/or other user attributes, and/or object storage parameters. Various forms of a requestor-specific steganographic message are applied to selected portions of the object to generate a requestor-specific protected object, which is then provided to the requestor. A web crawler can identify posted unauthorized protected object disclosures.
    Type: Grant
    Filed: November 3, 2015
    Date of Patent: March 10, 2020
    Assignee: Box, Inc.
    Inventors: Victor De Vansa Vikramaratne, Justin Peng, Minh-Tue Vo Thanh, Josh Kline
  • Publication number: 20200074015
    Abstract: Systems and methods for filtering collaboration activity to present in an activity feed. A cloud-based collaboration system is configured to identify collaboration interactions that users have taken over collaboration objects. Some of the collaboration objects or interactions are subject to access permissions as well as policy-based access rules. When a subject user interacts with a user interface, system components select a first set of user interaction events that in some way pertain to the subject user. A first filtering pass applies a first filter to determine object access permissions. After reducing the first set to a smaller second set, then a second filter corresponding to policy-based access rules is applied to the second set to form a still smaller third set of user interaction events. Characteristics of user interaction events in the third set are used to generate user-specific activity feed entries that are presented in a user interface.
    Type: Application
    Filed: September 19, 2018
    Publication date: March 5, 2020
    Applicant: Box, Inc.
    Inventors: Victor De Vansa Vikramaratne, Sesh Jalagam
  • Publication number: 20200076907
    Abstract: Systems for curating and presenting relevant collaboration activity to newly-added users in a cloud-based content management platform. A method embodiment commences by observing and recording user events that correspond to interactions between any number of users and any number of content objects. When a new person who does not have an event history is added, his/her user profile is updated to indicate he/she is a new user, and a start-up proxy user is identified. The proxy user refers to either a real user that is in some way similar to the newly-added user, or the proxy user is a virtual user as amalgamated from previously recorded user history records. The events in the history records of the proxy user are associated with the newly-added user.
    Type: Application
    Filed: September 19, 2018
    Publication date: March 5, 2020
    Applicant: Box, Inc.
    Inventors: Sesh Jalagam, Victor De Vansa Vikramaratne
  • Publication number: 20200076768
    Abstract: Disclosed are improved systems, methods, and computer program products that use a cluster-based probability model to perform anomaly detection, where the clusters are based upon entities and interactions that exist in content management platforms.
    Type: Application
    Filed: August 28, 2018
    Publication date: March 5, 2020
    Applicant: Box, Inc.
    Inventor: Kave Eshghi
  • Publication number: 20200065152
    Abstract: Methods, systems and computer program products for content management systems. In a computing environment having multiple interconnected computer systems, one or more network communication links between a first computer system that hosts a first application and a second computer system that hosts one or more second applications are established. The first computer system hosts a plurality of shared content objects that can be operated over by any second applications that are interfaced with the first application. Particular interaction events over a shared content object take place at the second applications and/or at the interfaces between the first and second applications. Such particular interaction events are recorded as they occur, after which, based on event attributes associated with the particular interaction events, at least one workflow of the first application is selected. The selected workflow of the first application is executed to perform operations over the shared content object.
    Type: Application
    Filed: August 27, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventors: Varun Parmar, Karthik Shanmugasundaram, Ivan Sabinin
  • Publication number: 20200067975
    Abstract: Systems and methods for ransomware protection in collaboration systems. One embodiment operates in conjunction with a collaboration system that manages one or more user devices that store device-local copies of content objects in storage areas of the one or more user devices. The collaboration system is accessed by the one or more user devices to facilitate collaboration activity over the content objects. Patterns of collaboration activity are classified, and in some cases, such patterns are deemed to be indicative of ransomware. If ransomware is indicated to be running on a user device, the collaboration system is notified that a ransomware process has been detected on the user device. The collaboration system delivers a prevention policy to other user devices that interface with the collaboration system. The prevention policy is in turn enforced by the other user devices to prevent synchronization of content object changes made by the ransomware.
    Type: Application
    Filed: January 15, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventors: Alok Ojha, Advait D. Karande, Peter Loer, Jeremy Scott Spiegel
  • Publication number: 20200068026
    Abstract: A user interface is configured to present a stream of activities that arise from operation of two or more heterogeneous applications that access shared content objects of a content management system. A first application of a first type among the heterogeneous applications interoperates with a second application of a second type. Application activity records that correspond to interactions by the second application over the shared content objects are stored. Additional interactions that are raised by the first application and that pertain to a common content object are also stored. When a user requests access to a content object of the content management system, recent application activity records are selected. Some of the selected activity records are filtered out based on permissions attributes corresponding to the content object and/or based on permissions attributes corresponding to the requesting user. An application activity stream is generated based on the selected application activity records.
    Type: Application
    Filed: August 27, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventors: Daniel Wayne Morkovine, Michelle Sangeun Oh, Faizan N. Buzdar, Derrik R. Lansing, Christopher Tucker, Victoria Wee, Prachi Subhash Jadhav, Dhiraj Sekhri, Pal Ramanathan
  • Publication number: 20200067936
    Abstract: A collaboration system provides network access to a plurality of content objects. The collaboration system facilitates collaboration interactions between particular users by allowing or denying network access to the plurality of content objects based on user invitations. A computing module observes and records user-to-user or user-to-content collaboration invitations over the plurality of content objects. On an ongoing basis, a collaboration network graph is constructed and maintained, with updates to the collaboration network graph being continually applied based on observed collaboration interactions. On demand, such as upon receipt of a user request for access to a content object, the updated collaboration network graph is consulted so as to generate a then-current sharing boundary.
    Type: Application
    Filed: August 27, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventor: Alok Ojha
  • Publication number: 20200065510
    Abstract: Leakage of secure content (e.g., unauthorized dissemination of secure content) is prevented even after a user has downloaded a copy of the secure content. In a content management system, the secure content object is accessible by users who access the secure content by downloading copies. While the downloading of a copy to a user device is permitted, further dissemination is not allowed. To enforce this degree of security, the user downloads a virtual file system that is configured to store a local instance of the secure content object in a secure container of the user device. During ongoing operation of the user device, every data movement operation request associated with the local instance of the secure content object is intercepted. Logic implemented in the downloaded virtual file system will deny any data movement operation request when a target storage location associated with the data movement operation request is other than a location in the secure container.
    Type: Application
    Filed: August 27, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventor: Alok Ojha
  • Publication number: 20200065313
    Abstract: Methods, systems and computer program products for managing content objects in a content management system. A metadata template is assigned to a content object of the content management system. Extensible metadata pertaining to the content object is allocated in accordance with the assigned metadata template. Various operations over the content object result in population of the allocated extensible metadata. When the content object is subjected to a workflow, the execution flow and/or the form of responses associated with execution of the workflow are informed by the populated extensible metadata. A single content object can take on an association with multiple sets of extensible metadata and each set of extensible metadata can take on association with a respective workflow.
    Type: Application
    Filed: August 27, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventors: Kishan Bharat Patel, Varun Parmar, Benjamin John Kus, Hieu Minh Nguyen, John Huffaker
  • Publication number: 20200065509
    Abstract: Methods, systems and computer program products for content management systems. The techniques of the methods, systems and/or computer program products automatically determine activity-based content object access permissions and/or make a recommendation of activity-based content object access permissions. A machine learning model is formed from observations of user interactions over a plurality of content objects. The model is continually updated based on ongoing observation and analysis of user interaction events. When a collaborative relationship is formed between an invitor and one or more invitees, the activity-based permissions model is accessed to determine a set of access permissions to assign to the collaborative relationship. A single collaborative relationship may cover many collaboration objects. In some cases, a set of access permissions is automatically assigned to the collaborative relationship. In other cases, a set of access permissions is presented to the invitor as a recommendation.
    Type: Application
    Filed: August 27, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventor: Alok Ojha
  • Publication number: 20200065343
    Abstract: Methods, systems and computer program products for shared content management systems. In a content management system that supports multiple applications that operate on shared documents, multiple modules are operatively interconnected to make and present activity-based application recommendations. Techniques for making activity-based application recommendations include recording a series of interaction events from multiple users, which events correspond to a series of interactions performed by a plurality of applications over a shared content object. Constituent interaction events from the series of interactions are analyzed to determine a set of recommended applications. The set of recommended applications is presented to a user in a dynamically-populated user interface.
    Type: Application
    Filed: August 27, 2019
    Publication date: February 27, 2020
    Applicant: Box, Inc.
    Inventors: Daniel Wayne Morkovine, Michelle Sangeun Oh, Faizan N. Buzdar, Derrik R. Lansing, Christopher Tucker, Victoria Wee, Prachi Subhash Jadhav, Dhiraj Sekhri, Pal Ramanathan
  • Patent number: 10574442
    Abstract: Systems and methods are disclosed for facilitating remote key management services in a collaborative cloud-based environment. In one embodiment, the remote key management architecture and techniques described herein provide for local key encryption and automatic generation of a reason code associated with content access. The reason code is logged by a hardware security module which is monitored by a remote client device (e.g., an enterprise client) to control a second (remote) layer of key encryption. The remote client device provides client-side control and configurability of the second layer of key encryption.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: February 25, 2020
    Assignee: Box, Inc.
    Inventors: Kia Amiri, Jeff Queisser, Chris Byron, Rand Wacker
  • Patent number: 10560544
    Abstract: A system and method for facilitating cache alignment in a cross-enterprise file collaboration system. The example method includes maintaining a plurality of messages in a cache, each message associated with a message offset; determining a message batch size; receiving a first request for a message characterized by a first offset; responding to the first request at least in part by sending an amount of data equal to the batch size starting at the first offset; receiving a second request for a second message characterized by a second offset; and if the second offset plus the data batch size spans across a boundary determined by the first offset plus the data batch size, then responding to the second request by sending an amount of data equal to the first offset plus the data batch size minus the second offset. In a more specific embodiment, the first and second requests are received from different committers.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: February 11, 2020
    Assignee: Box, Inc.
    Inventor: Denis Grenader
  • Patent number: 10554426
    Abstract: Systems and methods of real time notification of activities that occur in a web-based collaboration environment are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, for selecting a recipient of a notification of an activity according to criteria determined based on a workspace in which the activity was performed in the online collaboration platform and/or sending the notification of the activity to the recipient such that the recipient is notified in real time or near real time to when the activity occurred.
    Type: Grant
    Filed: June 3, 2011
    Date of Patent: February 4, 2020
    Assignee: Box, Inc.
    Inventors: Sam Ghods, Arnold Goldberg, Florian Jourda, David T. Lee, Arshdeep Mand
  • Publication number: 20200034127
    Abstract: Systems for managing static assets of web applications. A method embodiment includes identifying a web application that comprises a code base and a set of static assets, then separating the code base of the web application from the set of static assets that are referenced by the web application. The code base is deployed as application services whereas the static assets are deployed as static asset containers. Specifically, the set of static assets referenced by the application services are deployed in containers that are instantiated separately from where the application services are instantiated. Requests to access the application services and requests to access the static assets are tracked by taking performance measurements of the systems that process the accesses. Dynamic scaling of static asset containers is done independently from dynamic scaling of the application services. The dynamic scaling is based on combinations of measured usage and/or any system performance characteristics.
    Type: Application
    Filed: July 28, 2018
    Publication date: January 30, 2020
    Applicant: Box, Inc.
    Inventors: David John Burrowes, David Jordan