US 9,813,421 B2
Systems and methods for secure resource access and network communication
Benjamin J. Kus, Alameda, CA (US); Jeremy S. Spiegel, San Francisco, CA (US); Jonathan S. Fan, Berkeley, CA (US); and Peter B. Loer, Berkeley, CA (US)
Assigned to Box, Inc., Redwood City, CA (US)
Filed by Box, Inc., Los Altos, CA (US)
Filed on May 20, 2014, as Appl. No. 14/282,628.
Prior Publication US 2015/0341367 A1, Nov. 26, 2015
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); H04L 9/00 (2006.01); H04L 29/08 (2006.01); G06F 21/31 (2013.01); G06F 21/62 (2013.01)
CPC H04L 63/102 (2013.01) [G06F 21/31 (2013.01); G06F 21/6218 (2013.01); H04L 63/20 (2013.01); H04L 67/10 (2013.01); H04L 2463/062 (2013.01)]
24 Claims
1. A computer-implemented method comprising:
selecting by a first application executing on a client device a connection point from a plurality of connection points through which a first resource can be accessed, wherein each connection point is deployed on a respective remote system within an enterprise network and is configured to provide access to one or more respective resources accessible through the remote system from outside of the enterprise network according to a plurality of respective policies;
establishing by the first application a secure communication channel to the selected connection point by sending a connection request to a remote server that is external to the enterprise network and is configured to facilitate creation of the secure communication channel;
receiving a plurality of the respective policies, each policy comprising a respective resource and a respective permission for a respective action that can be performed by a user in the first application with regards to the respective resource;
creating a first encrypted repository and a different second encrypted repository on the client device, wherein the first application has access to the first encrypted repository;
determining by the first application that one of the policies permits the first application to select a different second application to execute on the client device to open the first resource, wherein the second application has access to the second encrypted repository; and
causing the second application to open the first resource.