Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Computer method and apparatus for securely managing data objects in a distributed context

a distributed context and computer technology, applied in the field of usage rights enforcement and management of digitally encoded documents and data, can solve the problems of difficult and ideal impossible for someone, copy-prevention technologies not powerful enough to describe usage policies, and the type of usage rights that can be enforced are too coarse grained to be a general solution, so as to achieve the effect of protecting integrity

Inactive Publication Date: 2005-01-13
LIQUID MACHINES
View PDF46 Cites 204 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

[0027] A further objective of the present invention is to provide a system and method for obtaining visibility into a business process. Such visibility may be achieved without committing to the risks of securing data objects by encrypting or otherwise changing the actual digital representation of their data objects. When control does not include protection, we obviously cannot ensure that we maintain control against malicious adversaries, i.e. ones that manipulate the protected data objects outside of our protected environment. However, this level of control is still desirable in business situations where an enterprise might want visibility into a business process while their data objects remain in plain text.
[0079] A further objective of the present invention is to provide a method and system for allowing the server to supply a client with a limited history of KEKs for a control policy. The use of an expired policy KEK in a protected data object does not force the client to have to contact the server before accessing the object. Even though a user never accesses a protected data object while online, as long as his or her off-line access occurs within the cache timeout period of the control policy of the data object, the user will not be denied access due to an out-of-date KEK.

Problems solved by technology

Though copy-protection techniques are appropriate for some domains, the types of usage rights that they can enforce are too coarse grained to be a general solution.
Copy-prevention technologies are not powerful enough to describe such usage policies.
Though this approach does not prevent copying of the encrypted bits, it achieves the same end result as copy protection since unauthorized users cannot access the protected data objects without the secret key.
This coupling should make it very difficult and ideally impossible for someone, who is not the owner of the object or otherwise authorized, to separate the data object from its usage rights.
In many commercial situations, the owner of the protected data object may not want to bother the end user with an explicit encryption and decryption step or may not trust the end user to abide by the usage rights.
Though these requirements are not an imposition in a domain like online music, they are a serious impediment to dynamic environments, i.e., ones where the usage rights protecting data objects may change frequently and in possibly significant ways.
These requirements are also a serious impediment to distributed environments, where multiple users may have individual copies of a protected data object on diverse computer devices and storage media, some of which may not be online or otherwise accessible to the owner of the protected object.
Clearly, it is not possible in such environments for the rights management system to have access to all of the copies of the protected object when the owner wishes to make a change to the usage rights of that protected object.
It is also not desirable to re-issue a new protected data object to a group of users, since the change in usage rights may affect only a few users and should be unnoticed (transparent) to the rest.
Furthermore, it may not even be possible to re-issue the protected data object in a distributed environment where the owner controls the usage rights but does not have a copy of the latest version of the object.
In a truly collaborative environment, it's often difficult and sometimes impossible to identify a single “publisher” of collaborative material.
Though an approach like Authentica's allows the owners of protected data objects to control usage of distributed information and dynamically change that usage information without the need to collect or redistribute the protected data objects, it is not a complete solution to the problems associated with the enforcement and management of usage rights in collaborative environments.
Finally, all of the current rights management systems, especially those focused on publish-only distribution models, too tightly control the creation, modification, and distribution of protected documents to be appropriate for protecting the data objects comprising collaborative interactions.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Computer method and apparatus for securely managing data objects in a distributed context
  • Computer method and apparatus for securely managing data objects in a distributed context
  • Computer method and apparatus for securely managing data objects in a distributed context

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0095] A description of preferred embodiments of the invention follows.

[0096] The present invention starts with centralized management of usage rights organized in a structure that mirrors the important processes of the business. FIG. 1 illustrates the organizing structure 10 for policies employed in one embodiment of the present invention. A business process 12 represents progressively continuing procedures based on controlled phases or activities that are systematically directed at achieving specific business results. Business processes 12 within the hierarchical organizing structure 10 act as containers that hold one or more control policies 14. A control policy 14 specifies usage rules that govern how the protected data objects may be used and by whom. Policies typically represent the phases or activities within a business process and are flexible enough to support data classifications (e.g. company confidential, executive only, etc.). Each protected data object (illustrated as...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

In a network of intermittently-connected computers, a method and apparatus for maintaining and managing control over data objects authored, accessed, and altered by users in dynamic, distributed, and collaborative contexts. The invention method and apparatus attach to each data object an identification of a respective control policy. Each control policy comprises at least an indication of a subset of the users who may access the data object, an indication of the privileges granted to each subset of users able to access the data object, and an indication of a subset of users who may define or edit the control policy. The invention method and apparatus separate the management of the control policies of data objects from the creation and use of the data objects. The invention method and apparatus automate common policy changes, distribution of policy changes to the enforcement agents, and propagation of control policies to derivative works.

Description

RELATED APPLICATIONS [0001] This application claims the benefit of U.S. Provisional Application No. 60 / 475,109, filed on Jun. 2, 2003, the entire teachings of which are incorporated herein by reference.BACKGROUND OF THE INVENTION [0002] The present invention relates to the field of usage rights enforcement and management for digitally encoded documents and data. [0003] The encoding and distributing of audio, video, graphical, and written work in digital formats has become a fundamental part of modern business. However, the ease with which copies may be made that are identical to the original and the speed of distribution enabled by the Internet have caused the owners of such works to adopt technologies that associate and enforce usage rights with digitally encoded data. Examples of those interested in such technologies include: providers of music, movies, or other entertainment content; publishers of electronic newspapers, magazines, or books; and corporations with confidential, pro...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(United States)
IPC IPC(8): G06FG06F11/30G06F12/14H04L9/00H04L9/08H04L29/06
CPCH04L9/08H04L63/0428H04L63/101H04L2209/603H04L2463/101H04L9/0822H04L9/0891H04L63/20G06F21/6209G06F2221/2111G06F2221/2137
Inventor LESER, NORBERTKYNE, FAJENMORGAN, ROBERTBARCLAY, CHRISTOPHER B.GAUDET, EDWARD J.SCHOONMAKER, JAMESEPSTEIN, ARNOLD S.SMITH, MICHAEL D.
Owner LIQUID MACHINES
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products