Patents by Inventor Kechen Huang
Kechen Huang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230306133
Abstract: Methods, systems, and computer program products for content management systems. Multiple components are operatively interconnected to carry out operations for establishing a user device trust level. A content management system facilitates interactions between a plurality of user devices and a plurality of shared content objects. The plurality of user devices are network connected to the content management system. One of the user devices issues a request to access a particular one of the content objects. Responsive to the request, a two-step device check is performed before granting access to the particular one of the content objects. A first step of the two-step device check process is based on environmental information, and a second step of the two-step device check process is based at least in part on analysis of the content of the particular one of the content objects. The actual bits of the content object itself are inspected.
Type: Application
Filed: March 31, 2023
Publication date: September 28, 2023
Applicant: Box, Inc.
Inventors: Rohit BAKSHI, Yi ZHAO, Kanav GANDHI, Areg ALIMIAN, Will CARLSON, Virender GUPTA, Sanjiv PANDEY, Kechen HUANG
-
Patent number: 11616782
Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.
Type: Grant
Filed: October 1, 2020
Date of Patent: March 28, 2023
Assignee: Box, Inc.
Inventors: Alok Ojha, Sivaramakrishnan Subramanian, Kechen Huang, Pal Ramanathan, Varun Parmar, Yi Zhao
-
Patent number: 11483386
Abstract: A cloud-based content object management system responds to download requests from user devices to provide access to synchronization code. Using the synchronization code, a user device requests, receives, and stores a user-device-local copy of a subject content object. The cloud-based content object management system determines that at least one security-related parameter pertaining to the subject content object has undergone a change and reaches a determination that the user-device-local copy of the subject content object is to be either deleted or quarantined. Upon such determination, the cloud-based content object management system forms eviction instructions and sends them to the user device, which in turn causes deletion or quarantining of the remote content object copy at the user device, while still retaining directory structure metadata that refers to the now evicted subject content object.
Type: Grant
Filed: December 13, 2021
Date of Patent: October 25, 2022
Assignee: Box, Inc.
Inventors: Kechen Huang, Nitya Sundareswaran, Yi Zhao, Yuvnesh Modi, Rena Mashintchian, Alok Ojha, Pal Ramanathan
-
Publication number: 20220086163
Abstract: Methods, systems, and computer program products for content management systems. Multiple components are operatively interconnected to carry out operations for establishing a user device trust level. A content management system facilitates interactions between a plurality of user devices and a plurality of shared content objects. The plurality of user devices are network connected to the content management system. One of the user devices issues a request to access a particular one of the content objects. Responsive to the request, a two-step device check is performed before granting access to the particular one of the content objects. A first step of the two-step device check process is based on login information, and a second step of the two-step device check process is based at least in part on analysis of the content of the particular one of the content objects. The actual bits of the content object itself are inspected.
Type: Application
Filed: July 30, 2021
Publication date: March 17, 2022
Applicant: Box, Inc.
Inventors: Sanjiv Pandey, Kechen Huang, Kanav Gandhi, Yi Zhao
-
Publication number: 20210021600
Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.
Type: Application
Filed: October 1, 2020
Publication date: January 21, 2021
Applicant: Box, Inc.
Inventors: Alok Ojha, Sivaramakrishnan Subramanian, Kechen Huang, Pal Ramanathan, Varun Parmar, Yi Zhao
-
Publication number: 20200092337
Abstract: As a default, a global permissions model is established. The global permissions model serves for applying a first set of resource access permissions to shared content objects. Additionally, a set of context-aware access policies that govern user interactions over the shared content object is established. When a particular user requests an interaction over a shared content object, then interaction attributes associated with the request are gathered. The context-aware access policies are applied to the request by determining a set of extensible access permissions that are derived from the interaction attributes. The context-aware access policies are enforced by overriding the first set of resource access permissions with dynamically-determined access permissions. When a particular access request is denied, a response is generated in accordance with the set of extensible access permissions and the user is notified. In some cases, the access request is permitted, but only after the user provides a justification.
Type: Application
Filed: August 27, 2019
Publication date: March 19, 2020
Applicant: Box, Inc.
Inventors: Alok Ojha, Sivaramakrishnan Subramanian, Kechen Huang
-
Patent number: 10333936
Abstract: Techniques are described for separating subdomains as part of a secure login process. For example the subdomains can correspond to an enterprise user or personal user accounts, or both. The login process involves responding to a login request with an assertion, such as for example a redirect based assertion, that includes an encrypted data structure with account and user information necessary for identification of the corresponding subdomain. The encrypted data structure includes browser-, IP address, and user-specific information to thwart a cross-site request forgery (CSRF) security vulnerability, among other things.
Type: Grant
Filed: January 24, 2017
Date of Patent: June 25, 2019
Assignee: Box, Inc.
Inventors: Lev Kantorovskiy, Kechen Huang, Nakul Chander, Anil Chaurasia, Benjamin Kus
-
Publication number: 20180212965
Abstract: Techniques are described for separating subdomains as part of a secure login process. For example the subdomains can correspond to an enterprise user or personal user accounts, or both. The login process involves responding to a login request with an assertion, such as for example a redirect based assertion, that includes an encrypted data structure with account and user information necessary for identification of the corresponding subdomain. The encrypted data structure includes browser-, IP address, and user-specific information to thwart a cross-site request forgery (CSRF) security vulnerability, among other things.
Type: Application
Filed: January 24, 2017
Publication date: July 26, 2018
Inventors: Lev Kantorovskiy, Kechen Huang, Nakul Chander, Anil Chaurasia, Benjamin Kus